The function is to search the entire database with a keyword, and then return the name of the table and the column that contains the keyword. (Great ...) Especially when the intrusion can not find the user name and password in the table, if the directly through the input admin this keyword to find the field ... Save a watch from a table. Then according to that paragraph, wrote an ASP script, convenient for everyone to search the database later.
The code is as follows:
Copy Code code as follows:
<%
' Confirm a keyword ' s position of a database (which table & which column)
' By Oldjun (http://www.oldjun.com)
' Based on Huangzi (http://www.2chuizi.com) ' s SQL
server.scripttimeout=999999999
Response.Buffer =true
On Error Resume Next
Keyword=request ("keyword")
If keyword= "" Then
Response.Write "Need keyword!"
Response. End
End If
Dim conn
Set conn = Server.CreateObject ("ADODB. Connection ")
Dim ConnStr
' Connectionstring,pls change!
Connstr= "Driver={sql SERVER}; Server=localhost; Uid=sa; Pwd=sa;database=master "
Conn.Open ConnStr
Conn.execute ("CREATE TABLE huangzi_table" (id int identity (1,1), biaoid int,biaoname nvarchar (1000))
Conn.execute ("Insert huangzi_table SELECT [Id],[name] from sysobjects where xtype= ' U '")
Set RS =conn.execute ("SELECT count (ID) as Tnum from Huangzi_table")
Tnum=rs ("Tnum")
Rs.close
Set rs=nothing
For I=1 to Tnum
Set Rsbiao =conn.execute ("Select Biaoid from huangzi_table where id=" &i& ")
Biaoid=rsbiao ("Biaoid")
Set rst =conn.execute ("SELECT [Biaoname] from huangzi_table where biaoid=" ")
Tname=rst ("Biaoname")
Set Rsl=conn.execute ("SELECT count ([name]) as Lnum from syscolumns where id=" "
LNUM=RSL ("Lnum")
For J=1 to Lnum
Topnum=j-1
Set Rslie=conn.execute ("select top 1 [name]" syscolumns where id= "&biaoid&" and [name] is not in
(select top ' &topnum& ' [name] from syscolumns where id= ' &biaoid& ')]
Liename=rslie ("name")
Set Rsresult=conn.execute ("SELECT top 1 [" &liename& "] from [" &tname& "] where CAST ([" &liename& " As NVARCHAR (1000) = ' "&keyword&" ")
If Rsresult.bof or rsresult.eof then
' Response.Write ' nothing-"&tname&": "&liename
' Response.Write ' <br> '
Else
Result=rsresult (Liename)
Response.Write result& "(" &tname& ":" &liename& ")"
Response.Write "<br>"
End If
Rslie.close
Set rslie=nothing
Rsresult.close
Set rsresult=nothing
Next
Rsbiao.close
Set rsbiao=nothing
Rst.close
Set rst=nothing
Rsl.close
Set rsl=nothing
Next
Conn.execute ("DROP TABLE huangzi_table")
%>
Note: The efficiency is very poor, may appear in the use of suspended animation, please wait patiently, the large library or do not use; Simple code, the implementation of simple functions, no technical content, save after the standby; When the connection statement has a caching problem, it is recommended to restart the browser!