DECLARE @tableName VARCHAR(256);
DECLARE @sql VARCHAR(MAX);
DECLARE @UpdateTableCount INT;
SET @UpdateTableCount = 0;
DECLARE ChangeField CURSOR
FOR
SELECT DISTINCT
a.name
FROM sys.tables a
INNER JOIN sys.columns b ON a.object_id = b.object_id
INNER JOIN sys.types c ON c.user_type_id = b.user_type_id
WHERE c.name = 'char'
OR c.name = 'varchar'
ORDER BY a.name;
OPEN ChangeField;
DECLARE @FieldName VARCHAR(200);
FETCH NEXT FROM ChangeField INTO @tableName;
WHILE ( @@fetch_status = 0 )
BEGIN
SET @tableName = @tableName;
SELECT @sql = ISNULL(@sql + ', ', ' ') + a.name + '=REPLACE('
+ a.name + ',''<IMG SRC="/WF_SQL_XSRF.html">'','''')'
FROM sys.columns a
JOIN sys.types b ON a.user_type_id = b.user_type_id
WHERE object_id = OBJECT_ID(@tableName)
AND b.name = 'Char'
OR b.name = 'VarChar';
SET @sql = SUBSTRING(@sql, 2, LEN(@sql) - 1);
SET @sql = 'UPDATE ' + @tableName + ' SET ' + @sql;
PRINT @sql;
SET @UpdateTableCount = @UpdateTableCount + 1;
FETCH NEXT FROM ChangeField INTO @tableName;
SET @sql = '';
EXEC(@sql);
END;
CLOSE ChangeField;
DEALLOCATE ChangeField;
DECLARE @sql VARCHAR(MAX);
DECLARE @UpdateTableCount INT;
SET @UpdateTableCount = 0;
DECLARE ChangeField CURSOR
FOR
SELECT DISTINCT
a.name
FROM sys.tables a
INNER JOIN sys.columns b ON a.object_id = b.object_id
INNER JOIN sys.types c ON c.user_type_id = b.user_type_id
WHERE c.name = 'char'
OR c.name = 'varchar'
ORDER BY a.name;
OPEN ChangeField;
DECLARE @FieldName VARCHAR(200);
FETCH NEXT FROM ChangeField INTO @tableName;
WHILE ( @@fetch_status = 0 )
BEGIN
SET @tableName = @tableName;
SELECT @sql = ISNULL(@sql + ', ', ' ') + a.name + '=REPLACE('
+ a.name + ',''<IMG SRC="/WF_SQL_XSRF.html">'','''')'
FROM sys.columns a
JOIN sys.types b ON a.user_type_id = b.user_type_id
WHERE object_id = OBJECT_ID(@tableName)
AND b.name = 'Char'
OR b.name = 'VarChar';
SET @sql = SUBSTRING(@sql, 2, LEN(@sql) - 1);
SET @sql = 'UPDATE ' + @tableName + ' SET ' + @sql;
PRINT @sql;
SET @UpdateTableCount = @UpdateTableCount + 1;
FETCH NEXT FROM ChangeField INTO @tableName;
SET @sql = '';
EXEC(@sql);
END;
CLOSE ChangeField;
DEALLOCATE ChangeField;