2009-09-30 00:02
网站的数据库常常由于管理不严密,被人把 JS 脚本注入到数据表的字段中。下面是我自己写的一个清除脚本。注意:它只清除已经写入字段的内容,造成注入的漏洞本身仍需另行修补,否则脚本还会被再次写入。
-- Drop any existing dbo.RemoveNoise (T-SQL 'P' or CLR 'PC' procedure) so the
-- CREATE PROCEDURE in the next batch can be re-run.
IF EXISTS (
    SELECT 1
    FROM sys.objects AS o
    WHERE o.type IN (N'P', N'PC')
      AND o.object_id = OBJECT_ID(N'[dbo].[RemoveNoise]')
)
BEGIN
    DROP PROCEDURE dbo.RemoveNoise
END
GO
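-- dbo.RemoveNoise
--   Removes every occurrence of @RemovedString from the character columns of
--   one table by running REPLACE(column, @RemovedString, '') on each column.
--
--   @TableName      Name of the table (or updatable view) to clean. It may be
--                   bare ('Posts') or schema-qualified ('dbo.Posts'); it is
--                   resolved with OBJECT_ID and re-emitted through QUOTENAME,
--                   so the caller's text never becomes part of the statement.
--   @RemovedString  The exact text to strip. It is bound as a parameter of
--                   sp_executesql, so quotes inside it stay data.
--
--   Does nothing when @RemovedString is NULL/empty or the object is not found.
--
--   Operational notes:
--     * Every row of every matching column is rewritten; back up the table
--       and run in a maintenance window.
--     * This removes stored content only. The injection point that allowed
--       the write must be fixed separately.
--     * Grant EXECUTE only to administrative principals: the procedure can
--       rewrite any table the caller can update.
CREATE PROCEDURE dbo.RemoveNoise
    @TableName varchar(2000),
    @RemovedString varchar(4000)
AS
BEGIN
    DECLARE @object_id int
    DECLARE @qualified_name nvarchar(600)
    DECLARE @name sysname
    DECLARE @type_id int
    DECLARE @column_expr nvarchar(400)
    DECLARE @sql nvarchar(max)

    -- REPLACE with a NULL pattern returns NULL, which would blank the column;
    -- an empty pattern has nothing to remove. Bail out in both cases.
    IF @RemovedString IS NULL OR DATALENGTH(@RemovedString) = 0
        RETURN

    -- Resolve the caller's text to a catalog object instead of concatenating it.
    SET @object_id = OBJECT_ID(@TableName)

    SELECT @qualified_name = QUOTENAME(s.name) + N'.' + QUOTENAME(o.name)
    FROM sys.objects AS o
    INNER JOIN sys.schemas AS s
        ON s.schema_id = o.schema_id
    WHERE o.object_id = @object_id
      AND o.type IN (N'U', N'V')

    IF @qualified_name IS NULL
        RETURN

    -- LOCAL keeps the cursor name private to this call, so a failed run does
    -- not leave a global cursor named "cols" that blocks the next execution.
    DECLARE cols CURSOR LOCAL FAST_FORWARD
    FOR SELECT c.name, c.user_type_id
        FROM sys.columns AS c
        WHERE c.object_id = @object_id
          AND c.is_computed = 0   -- computed columns cannot be assigned
          -- 35 text, 99 ntext, 167 varchar, 173 binary, 175 char,
          -- 231 nvarchar, 239 nchar.
          -- NOTE(review): 173 (binary) is kept from the original list; confirm it is intended.
          AND c.user_type_id IN (35, 99, 167, 173, 175, 231, 239)

    OPEN cols
    FETCH NEXT FROM cols INTO @name, @type_id
    WHILE @@FETCH_STATUS = 0
    BEGIN
        -- REPLACE does not accept text/ntext arguments; cast those to the
        -- matching (max) type. The result converts back on assignment.
        IF @type_id = 35
            SET @column_expr = N'CAST(' + QUOTENAME(@name) + N' AS varchar(max))'
        ELSE IF @type_id = 99
            SET @column_expr = N'CAST(' + QUOTENAME(@name) + N' AS nvarchar(max))'
        ELSE
            SET @column_expr = QUOTENAME(@name)

        -- Only catalog-derived, QUOTENAME-escaped identifiers are concatenated;
        -- the search string travels as the @needle parameter.
        SET @sql = N'UPDATE ' + @qualified_name
                 + N' SET ' + QUOTENAME(@name)
                 + N' = REPLACE(' + @column_expr + N', @needle, '''')'

        EXECUTE sys.sp_executesql
            @sql,
            N'@needle varchar(4000)',
            @needle = @RemovedString

        FETCH NEXT FROM cols INTO @name, @type_id
    END
    CLOSE cols
    DEALLOCATE cols
END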