替换数据库有所有表的某些数据,哎,病毒啊,数据库中所有的数据都被注入了,没有办法只有替换它们

if exists(select name from sysobjects where type='p' and Name='UpdateTextColumn')
drop proc UpdateTextColumn
go

Create proc [dbo].[UpdateTextColumn]
@Table varchar(100),
@Columns varchar(200),--eg:Column1,Column2,
@old varchar(100),
@new varchar(100)
as
    set nocount on
    declare @sql nvarchar(2000)
    declare @Column varchar(50)
    declare @cpos int,@npos int
    set @cpos=1;
    set @npos=1;
    set @npos=charindex(',',@Columns,@cpos);

    while(@npos>0)
    begin
        set @Column = substring(@Columns,@cpos,@npos-@cpos);
        set @cpos = @npos+1
        set @npos=charindex(',',@Columns,@cpos);
       
        set @sql = 'update '+@Table+' set '+@Column+'=replace(cast('+@Column+' as varchar(8000)),@old,@new) where Datalength('+@Column+')<=8000';
        EXECUTE sp_executesql @Sql,
                           N'@old varchar(100),@new varchar(100)',
                           @old,
                           @new
        declare @ptr binary(16) ,@offset int,@dellen int
       
        set @dellen = len(@old)
       
        set @offset = 1
        while @offset>=1
        begin
            set @offset = 0
            set @sql = 'select     top 1 @offset = charindex('''+@old+''' , '+@Column+'), @ptr = textptr('+@Column+') from '+@Table+' where Datalength('+@Column+')>8000 and '+@Column+' like ''%'+@old+'%''';
            EXEC sp_executesql @Sql,N'@offset int OUTPUT,@ptr binary(16) OUTPUT,@old varchar(100)',
                               @offset OUTPUT,@ptr OUTPUT,@old;

           if @offset > 0
            begin
                set @offset = @offset-1

                set @sql='updatetext '+@Table+'.'+@Column+' @ptr @offset @dellen @new';
                EXEC sp_executesql @Sql,N'@offset int ,@ptr binary(16),@dellen int,@new varchar(100)',@offset,@ptr,@dellen,@new;
            end
        end
end
go
------------------ReplaceKeyWord----------------
--ReplaceKeyWord
if exists(select name from sysobjects where type='p' and Name='ReplaceKeyWord')
drop proc [ReplaceKeyWord]
go
Create proc [dbo].[ReplaceKeyWord]
@old nvarchar(100),
@new nvarchar(100)
as
declare @sql nvarchar(1000)
set @sql=N'
declare   @s   nvarchar(4000),@tbname   sysname
select   @s=N'''',@tbname=N''?''
select   @s=@s+N'',''+quotename(a.name)+N''=replace(''+quotename(a.name)+N'',N'''''+@old+''''',N'''''+@new+''''')''
from   syscolumns   a,systypes   b
where   a.id=object_id(@tbname)   
and   a.xusertype=b.xusertype
and   b.name   like   N''%char''
if   @@rowcount>0
begin
set   @s=stuff(@s,1,1,N'''')
exec(N''update   ''+@tbname+''   set   ''+@s)
end '
--print @sql
exec   sp_msforeachtable   @sql;

set @sql=N'
declare   @s   nvarchar(4000),@tbname   sysname
select   @s=N'''',@tbname=N''?''
select   @s=@s+quotename(a.name)+N'',''
from   syscolumns   a,systypes   b
where   a.id=object_id(@tbname)   
and   a.xusertype=b.xusertype
and   b.name   like   N''%text''
if   @@rowcount>0
begin
exec UpdateTextColumn @tbname,@s,'''+@old+''','''+@new+'''
end
' ;
exec   sp_msforeachtable @sql
go
--Exec ReplaceKeyWord '<script src=http://cn.daxia123.cn/cn.js></script>',''

 

posted @ 2009-03-30 11:57  月光小提琴  阅读(235)  评论(0编辑  收藏  举报