删除入侵数据

 declare @name as nvarchar(128),@columnName as nvarchar(128),@columnType as nvarchar(128),@injectSql as nvarchar(111)
    set @injectSql='入侵点'
          DECLARE curLabel CURSOR FOR select top 6 name from sysobjects where xtype='U'
          OPEN curLabel
          FETCH NEXT FROM curLabel INTO @name
          WHILE @@FETCH_STATUS = 0
          BEGIN
    DECLARE curLabel1 CURSOR FOR SELECT Column_name,data_type FROM INFORMATION_SCHEMA.COLUMNS WHERE (TABLE_NAME = @name)
    OPEN curLabel1
    FETCH NEXT FROM curLabel1 INTO @columnName,@columnType
    WHILE @@FETCH_STATUS = 0
    BEGIN
     if((@columnType='text' or @columnType='ntext'))
      --print 1
      BEGIN TRY
       declare @primaryKey nvarchar(255);
       SELECT @primaryKey=primaryKey from
       (select
        c.name as primaryKey,
        case when c.colid in(select ik.colid
        from sysindexes i, Sysindexkeys ik, sysobjects oo
        where i.id=ik.id and i.indid=ik.indid
         and i.name=oo.name and oo.xtype='PK' --主键
         and o.id=i.id
        ) then 1 else 0 end isPrimaryKey
        from sysobjects o inner join syscolumns c on o.id=c.id
        where o.xtype='U'
        and o.name=@name) as t where isPrimaryKey=1

       exec('declare @ptr varbinary(16);declare @id nvarchar(16);declare curText scroll Cursor for select textptr('+@columnName+'),'+@primaryKey+' from '+@name+';declare @Position int,@len int;OPEN curText;FETCH NEXT FROM curText INTO @ptr,@id;WHILE @@FETCH_STATUS=0 BEGIN;select @Position=patindex(''%'+@injectSql+'%'','+@columnName+') from '+@name+' where '+@primaryKey+'=@id;while @Position>0 begin;set @Position=@Position-1;updatetext '+@name+'.'+@columnName+' @ptr @Position @len '''';select @Position=patindex(''%'+@injectSql+'%'','+@columnName+') from '+@name+' where '+@primaryKey+'=@id;end;FETCH NEXT FROM curText INTO @ptr,@id;END;CLOSE curText;DEALLOCATE curText')
      END TRY
      BEGIN CATCH
       print(@name+'.'+@columnName)
      END CATCH;
     else
      if(@columnType='nvarchar' or @columnType='varchar')

--更新

 print @name
      exec('update '+@name+' set '+@columnName+'=replace('+@columnName+','''+@injectSql+''','''')')
   
    FETCH NEXT FROM curLabel1 INTO @columnName,@columnType
    END
    CLOSE curLabel1
    DEALLOCATE curLabel1
          FETCH NEXT FROM curLabel INTO @name
          END
          CLOSE curLabel
          DEALLOCATE curLabel

 

==============================

记录入侵时间

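SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
-- Template: [triggerName], [tableName], [comm], id and update_time are
-- placeholders for the real trigger, table and column names.
-- Stamps update_time on every row whose [comm] column appears in an UPDATE,
-- so the time of an unexpected write is recorded.
ALTER TRIGGER [dbo].[triggerName] ON [dbo].[tableName]
FOR UPDATE
AS
-- UPDATE([comm]) is true whenever the statement assigns [comm], whether or
-- not the value actually changed, so legitimate application writes to that
-- column take this branch too.
IF UPDATE([comm])
BEGIN
    -- The UPDATE target must be the table joined to "inserted"; the alias R
    -- is used so the statement touches only the rows that were just modified.
    UPDATE R
    SET update_time = GETDATE()
    FROM [dbo].[tableName] AS R
    INNER JOIN inserted AS i
        ON R.id = i.id

    -- RAISERROR returns this message to the caller; on its own it does not
    -- roll back the write. Add ROLLBACK TRANSACTION if the change should be
    -- refused rather than only recorded.
    -- NOTE(review): the message tells whoever issued the UPDATE that the
    -- write was noticed; a neutral message or a row in an audit table would
    -- record the same event without signalling it.
    RAISERROR('感谢您为我们做安全检查!', 16, 1)
END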
