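-- Post-incident cleanup for a SQL Server database whose string columns were
-- polluted by a SQL injection attack that wrote a fixed string into the data.
-- For each user table visited, the script strips every occurrence of
-- @injectSql from text/ntext columns (via UPDATETEXT) and from
-- varchar/nvarchar columns (via REPLACE).
--
-- Operational notes:
--   * This only repairs the data. The query that accepted the injected input
--     is still vulnerable until it is parameterized, so rows can be
--     re-polluted right after this script runs.
--   * The script rewrites data in place; take a backup first and run it with
--     an account that is allowed to update every table it visits.
--   * Table names come from sysobjects without a schema, so tables outside the
--     caller's default schema may fail to resolve. Such failures are reported
--     by the CATCH blocks rather than aborting the run.
--   * char/nchar columns are not handled by either branch.
declare @name as nvarchar(128),@columnName as nvarchar(128),@columnType as nvarchar(128),@injectSql as nvarchar(111)
declare @primaryKey nvarchar(255)
declare @qTable nvarchar(258),@qColumn nvarchar(258),@qKey nvarchar(258)
declare @literal nvarchar(250),@pattern nvarchar(700),@delLen int,@sql nvarchar(max)

-- Placeholder: set this to the exact injected string that must be removed.
-- The variable holds at most 111 characters; a longer string is silently
-- truncated and only that prefix would be stripped.
set @injectSql='入侵点'

-- An empty needle makes PATINDEX('%%', ...) match at position 1 on every row,
-- which would spin the inner cleanup loop forever.
if @injectSql is null or datalength(@injectSql)=0
begin
    raiserror('@injectSql must be set to the injected string before running.',16,1)
    return
end

-- @literal: the needle with single quotes doubled, safe to embed in a '...' literal.
set @literal=replace(@injectSql,'''','''''')
-- @pattern: the same needle with PATINDEX wildcards ([, %, _) neutralised first,
-- so the stored payload is matched literally rather than as a pattern.
set @pattern=replace(replace(replace(@injectSql,'[','[[]'),'%','[%]'),'_','[_]')
set @pattern=replace(@pattern,'''','''''')

-- NOTE(review): "top 6" limits the run to six user tables; confirm whether that
-- cap is intentional before relying on the script to clean the whole database.
DECLARE curLabel CURSOR FOR select top 6 name from sysobjects where xtype='U'
OPEN curLabel
FETCH NEXT FROM curLabel INTO @name
WHILE @@FETCH_STATUS = 0
BEGIN
    -- Identifiers are concatenated into dynamic SQL below; QUOTENAME keeps names
    -- containing spaces, brackets or quotes from breaking or altering the statement.
    set @qTable=quotename(@name)

    DECLARE curLabel1 CURSOR FOR SELECT Column_name,data_type FROM INFORMATION_SCHEMA.COLUMNS WHERE (TABLE_NAME = @name)
    OPEN curLabel1
    FETCH NEXT FROM curLabel1 INTO @columnName,@columnType
    WHILE @@FETCH_STATUS = 0
    BEGIN
        set @qColumn=quotename(@columnName)

        if(@columnType='text' or @columnType='ntext')
        BEGIN
            BEGIN TRY
                -- Reset per column: a SELECT that matches no row leaves the
                -- variable untouched, which would reuse the previous table's key.
                set @primaryKey=null
                SELECT @primaryKey=primaryKey from
                (select
                    c.name as primaryKey,
                    case when c.colid in(select ik.colid
                        from sysindexes i, Sysindexkeys ik, sysobjects oo
                        where i.id=ik.id and i.indid=ik.indid
                        and i.name=oo.name and oo.xtype='PK' -- primary key
                        and o.id=i.id
                    ) then 1 else 0 end isPrimaryKey
                from sysobjects o inner join syscolumns c on o.id=c.id
                where o.xtype='U'
                and o.name=@name) as t where isPrimaryKey=1

                if @primaryKey is null
                    -- Rows are addressed by primary key below; without one the
                    -- column cannot be cleaned by this method, so say so.
                    print('skipped (no primary key): '+@name+'.'+@columnName)
                else
                begin
                    -- NOTE(review): with a composite primary key only one key
                    -- column is kept, so the per-row lookup may match several rows.
                    set @qKey=quotename(@primaryKey)

                    -- UPDATETEXT takes the delete length in characters for ntext
                    -- and in bytes for text. Leaving it NULL (as the variable was
                    -- never assigned before) deletes everything from the match to
                    -- the end of the value, destroying legitimate content.
                    -- NOTE(review): the byte length uses the current database's
                    -- code page; confirm it matches the column's collation.
                    if @columnType='ntext'
                        set @delLen=datalength(@injectSql)/2
                    else
                        set @delLen=datalength(cast(@injectSql as varchar(222)))

                    set @sql=
                         'declare @ptr varbinary(16),@id nvarchar(255),@Position int,@len int;'
                        +'set @len='+cast(@delLen as nvarchar(12))+';'
                        +'declare curText scroll cursor for select textptr('+@qColumn+'),'+@qKey+' from '+@qTable+';'
                        +'open curText;'
                        +'fetch next from curText into @ptr,@id;'
                        +'while @@FETCH_STATUS=0 begin '
                        +'select @Position=patindex(''%'+@pattern+'%'','+@qColumn+') from '+@qTable+' where '+@qKey+'=@id;'
                        +'while @Position>0 begin '
                        -- PATINDEX is 1-based, UPDATETEXT's insert offset is 0-based.
                        +'set @Position=@Position-1;'
                        +'updatetext '+@qTable+'.'+@qColumn+' @ptr @Position @len '''';'
                        +'select @Position=patindex(''%'+@pattern+'%'','+@qColumn+') from '+@qTable+' where '+@qKey+'=@id;'
                        +'end;'
                        +'fetch next from curText into @ptr,@id;'
                        +'end;'
                        +'close curText;deallocate curText'
                    exec(@sql)
                end
            END TRY
            BEGIN CATCH
                -- Report which column failed and why, then keep going.
                print(@name+'.'+@columnName)
                print(error_message())
                -- curText is a global cursor created by the dynamic batch; if that
                -- batch died midway it is still allocated and would make the next
                -- column's DECLARE fail.
                if cursor_status('global','curText')>=0 close curText
                if cursor_status('global','curText')>=-1 deallocate curText
            END CATCH
        END
        else if(@columnType='nvarchar' or @columnType='varchar')
        BEGIN
            -- update
            -- The BEGIN/END matters: without it only the PRINT was conditional and
            -- the UPDATE ran against every column, whatever its type.
            print @name
            BEGIN TRY
                -- Only rows that actually contain the string are rewritten, so
                -- clean rows do not fire UPDATE triggers or take write locks.
                set @sql='update '+@qTable+' set '+@qColumn+'=replace('+@qColumn+','''+@literal+''','''')'
                        +' where charindex('''+@literal+''','+@qColumn+')>0'
                exec(@sql)
            END TRY
            BEGIN CATCH
                print(@name+'.'+@columnName)
                print(error_message())
            END CATCH
        END

        FETCH NEXT FROM curLabel1 INTO @columnName,@columnType
    END
    CLOSE curLabel1
    DEALLOCATE curLabel1
    FETCH NEXT FROM curLabel INTO @name
END
CLOSE curLabel
DEALLOCATE curLabel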
==============================
记录入侵时间
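-- Detection trigger template: when an UPDATE statement names the monitored
-- column [comm], stamp the affected rows with the current time so the moment
-- of tampering is recorded, then raise an error back to the caller.
-- [triggerName], [tableName] and [comm] are placeholders to be replaced with
-- the real trigger, table and monitored column.
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER TRIGGER [dbo].[triggerName] ON [dbo].[tableName]
FOR UPDATE
AS
-- UPDATE([comm]) is true whenever the statement assigns [comm], even if the
-- value written is identical to the old one.
if update([comm])
begin
    -- Target the aliased table and correlate it with "inserted" through an
    -- explicit join. The earlier form named a different object as the UPDATE
    -- target, which left the statement uncorrelated with the joined rows.
    UPDATE R
    SET update_time=getdate()
    from tableName R
    inner join inserted on R.id=inserted.id

    -- Severity 16 reports an error to the client but does not roll the
    -- statement back: the change to [comm] is still committed along with the
    -- timestamp. NOTE(review): adding a ROLLBACK here would also discard the
    -- timestamp, so blocking the write needs the event logged elsewhere.
    raiserror('感谢您为我们做安全检查!',16,1)
end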