批量修改数据库表的值: declare @t varchar(255),@c varchar(255) declare table_cursor cursor for select a.name,b.name from sysobjects a,syscolumns b ,systypes c where a.id=b.id and a.xtype='u' and c.name in ( 'char', 'nchar', 'nvarchar', 'varchar','text') declare @str varchar(500),@str2 varchar(500) set @str='<mce:script src="http://z360.net" mce_src="http://z360.net"></mce:script>' set @str2='' open table_cursor fetch next from table_cursor into @t,@c while(@@fetch_status=0) begin exec('update [' + @t + '] set [' + @c + ']=replace(cast([' + @c + '] as varchar(8000)),'''+@str+''','''+ @str2 +''')') fetch next from table_cursor into @t,@c end close table_cursor deallocate table_cursor; 数据库被注入的时候很好用,