复制代码 代码如下: declare @delStr nvarchar(500) set @delStr="<script src=http://www.kansm.com/js/common.js></script>" --这里被注入的字段串 /****************************************/
/**********以下为操作实体************/ set nocount on
declare @tableName nvarchar(100),@columnName nvarchar(100),@tbID int,@iRow int,@iResult int declare @sql nvarchar(2000)
set @iResult=0 declare cur cursor for select name,id from sysobjects where xtype="U"
open cur fetch next from cur into @tableName,@tbID
while @@fetch_status=0 begin declare cur1 cursor for select name from syscolumns where xtype in (231,167,239,175, 35, 99) and id=@tbID open cur1 fetch next from cur1 into @columnName while @@fetch_status=0 begin set @sql="update [" + @tableName + "] set ["+ @columnName +"]= SUBSTRING([" + @columnName + "]," + "1, PATINDEX( ""%" + @delStr + "%"", [" + @columnName + "])-1) + " + "SUBSTRING([" + @columnName + "], PATINDEX( ""%" + @delStr + "%"", [" + @columnName + "]) + " + "len(""" + @delStr + """) , datalength([" + @columnName + "])) where ["+@columnName+"] like ""%"+@delStr+"%"""
exec sp_executesql @sql set @iRow=@@rowcount set @iResult=@iResult+@iRow if @iRow>0 begin print "表:"+@tableName+",列:"+@columnName+"被更新"+convert(varchar(10),@iRow)+"条记录;" end fetch next from cur1 into @columnName
end close cur1 deallocate cur1
fetch next from cur into @tableName,@tbID end print "数据库共有"+convert(varchar(10),@iResult)+"条记录被更新!!!"
易网时代-编程资源站