SQL注入数据库修复的两种实例方法，数据库被注入后的有效处理方法

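-- The injected string that the cleanup pass below searches for and cuts out of
-- every character column. Set it to the exact payload observed in the data.
-- NOTE(review): '%', '_' and '[' in this value act as LIKE/PATINDEX wildcards in
-- the pass that follows, so escape them if the payload contains them.
DECLARE @delStr nvarchar(500);
SET @delStr = 'script src=';
/****************************************/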

1. 第一种情况是需要将指定的注入字符串全部替换掉。复制代码 代码如下:declare @delStr nvarchar(500)set @delStr=’script src=//’ –这里被注入的字段串
/****************************************/
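/**********以下为操作实体************/
-- Pass 1: cut @delStr out of every character/text column of every user table,
-- keeping the text before and after it. @delStr must already be declared and
-- set in this batch (the declaration precedes this block on the page).
-- NOTE(review): take a backup before running; the UPDATEs are not reversible.
-- NOTE(review): each UPDATE removes only the first occurrence per row (PATINDEX
-- returns the first match), so re-run until the final total is 0 when a row
-- may contain the payload more than once.
-- NOTE(review): this strips stored payload only; the input path that wrote it
-- is not touched by this script.
SET NOCOUNT ON;

DECLARE @tableName nvarchar(100), @columnName nvarchar(100), @tbID int, @iRow int, @iResult int;
DECLARE @sql nvarchar(2000);
SET @iResult = 0;

-- xtype = 'U': user tables only. LOCAL keeps the cursor out of the session
-- scope so an aborted run does not leave a global cursor behind.
DECLARE cur CURSOR LOCAL FOR
    SELECT name, id FROM sysobjects WHERE xtype = 'U';
OPEN cur;
FETCH NEXT FROM cur INTO @tableName, @tbID;
WHILE @@fetch_status = 0
BEGIN
    -- 231/167/239/175/35/99 = nvarchar/varchar/nchar/char/text/ntext.
    DECLARE cur1 CURSOR LOCAL FOR
        SELECT name FROM syscolumns WHERE xtype IN (231, 167, 239, 175, 35, 99) AND id = @tbID;
    OPEN cur1;
    FETCH NEXT FROM cur1 INTO @columnName;
    WHILE @@fetch_status = 0
    BEGIN
        -- Identifiers go through QUOTENAME so a ']' in a table or column name
        -- cannot break out of the bracket quoting, and the search string is
        -- handed to sp_executesql as a parameter instead of being spliced into
        -- the statement text, so a quote inside @delStr cannot alter it.
        -- DATALENGTH is used as the "take the rest" length because LEN does not
        -- accept text/ntext; SUBSTRING clamps it to the real length.
        SET @sql = N'UPDATE ' + QUOTENAME(@tableName)
                 + N' SET ' + QUOTENAME(@columnName) + N' = '
                 + N'SUBSTRING(' + QUOTENAME(@columnName) + N', 1, PATINDEX(''%'' + @delStr + ''%'', ' + QUOTENAME(@columnName) + N') - 1)'
                 + N' + SUBSTRING(' + QUOTENAME(@columnName) + N', PATINDEX(''%'' + @delStr + ''%'', ' + QUOTENAME(@columnName) + N') + LEN(@delStr), DATALENGTH(' + QUOTENAME(@columnName) + N'))'
                 + N' WHERE ' + QUOTENAME(@columnName) + N' LIKE ''%'' + @delStr + ''%''';
        -- '%', '_' and '[' inside @delStr are still LIKE/PATINDEX wildcards.
        EXEC sp_executesql @sql, N'@delStr nvarchar(500)', @delStr = @delStr;
        SET @iRow = @@rowcount;
        SET @iResult = @iResult + @iRow;
        -- The page lost the comparison operator here; "<> 0" is the reconstruction.
        IF @iRow <> 0
        BEGIN
            PRINT '表:' + @tableName + ',列:' + @columnName + '被更新' + CONVERT(varchar(10), @iRow) + '条记下;';
        END
        FETCH NEXT FROM cur1 INTO @columnName;
    END
    CLOSE cur1;
    DEALLOCATE cur1;
    FETCH NEXT FROM cur INTO @tableName, @tbID;
END
PRINT '数据库教程共有' + CONVERT(varchar(10), @iResult) + '条记下被更新!!!';
CLOSE cur;
DEALLOCATE cur;
SET NOCOUNT OFF;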

/**********以下为操作实体************/
-- Suppress the per-statement "rows affected" messages for the batch.
SET NOCOUNT ON;

2. 第二种是需要将注入到表中开始位置到最后都删掉。复制代码 代码如下:–恢复被注入数据库
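-- 2011-09-26
-- Start marker of the injected string: in the pass that follows, everything
-- from the first match of this value to the end of the column value is treated
-- as injected data and removed.
-- NOTE(review): '%', '_' and '[' in this value act as LIKE/PATINDEX wildcards.
DECLARE @delStr nvarchar(500);
SET @delStr = '/titlestyle.';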
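/**********以下为操作实体************/
-- Pass 2: in every character/text column of every user table, truncate each
-- value at the first occurrence of @delStr, dropping everything from the match
-- to the end. @delStr must already be declared and set in this batch.
-- NOTE(review): take a backup before running; the UPDATEs are not reversible,
-- and any legitimate text after the marker is lost together with the payload.
-- NOTE(review): this strips stored payload only; the input path that wrote it
-- is not touched by this script.
SET NOCOUNT ON;

DECLARE @tableName nvarchar(100), @columnName nvarchar(100), @tbID int, @iRow int, @iResult int;
DECLARE @sql nvarchar(2000);
SET @iResult = 0;

-- xtype = 'U': user tables only. LOCAL keeps the cursor out of the session
-- scope so an aborted run does not leave a global cursor behind.
DECLARE cur CURSOR LOCAL FOR
    SELECT name, id FROM sysobjects WHERE xtype = 'U';
OPEN cur;
FETCH NEXT FROM cur INTO @tableName, @tbID;
-- The page text garbled this test ("@@fetch_3522vip ,status"); @@fetch_status is meant.
WHILE @@fetch_status = 0
BEGIN
    -- 231/167/239/175/35/99 = nvarchar/varchar/nchar/char/text/ntext.
    DECLARE cur1 CURSOR LOCAL FOR
        SELECT name FROM syscolumns WHERE xtype IN (231, 167, 239, 175, 35, 99) AND id = @tbID;
    OPEN cur1;
    FETCH NEXT FROM cur1 INTO @columnName;
    WHILE @@fetch_status = 0
    BEGIN
        -- Identifiers go through QUOTENAME so a ']' in a table or column name
        -- cannot break out of the bracket quoting, and the search string is
        -- handed to sp_executesql as a parameter instead of being spliced into
        -- the statement text, so a quote inside @delStr cannot alter it.
        SET @sql = N'UPDATE ' + QUOTENAME(@tableName)
                 + N' SET ' + QUOTENAME(@columnName) + N' = '
                 + N'SUBSTRING(' + QUOTENAME(@columnName) + N', 1, PATINDEX(''%'' + @delStr + ''%'', ' + QUOTENAME(@columnName) + N') - 1)'
                 + N' WHERE ' + QUOTENAME(@columnName) + N' LIKE ''%'' + @delStr + ''%''';
        -- '%', '_' and '[' inside @delStr are still LIKE/PATINDEX wildcards.
        EXEC sp_executesql @sql, N'@delStr nvarchar(500)', @delStr = @delStr;
        SET @iRow = @@rowcount;
        SET @iResult = @iResult + @iRow;
        -- The page lost the comparison operator here; "<> 0" is the reconstruction.
        IF @iRow <> 0
        BEGIN
            PRINT '表:' + @tableName + ',列:' + @columnName + '被更新' + CONVERT(varchar(10), @iRow) + '条记下;';
        END
        FETCH NEXT FROM cur1 INTO @columnName;
    END
    CLOSE cur1;
    DEALLOCATE cur1;
    FETCH NEXT FROM cur INTO @tableName, @tbID;
END
PRINT '数据库教程共有' + CONVERT(varchar(10), @iResult) + '条记下被更新!!!';
CLOSE cur;
DEALLOCATE cur;
SET NOCOUNT OFF;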

declare @tableName nvarchar(100),@columnName nvarchar(100),@tbID
int,@iRow int,@iResult int declare @sql nvarchar(2000)

set @iResult=0 declare cur cursor for select name,id from sysobjects
where xtype=’U’

open cur fetch next from cur into @tableName,@tbID