Method of replacing the content field in the database with a Trojan

Some Trojan fields in sqlsever are cleared. Now we summarize the article "replacing database Trojan fields in batches with sqlsever", hoping to help those in need.
[Solution]
1. Back up data first to prevent data loss when the trojan field is deleted;
2. Execute the following statement for the field text in the Trojan-mounted table to be smaller than 8000 (many software and methods on the Internet are aimed at text less than 8000, you can refer to this solution)
The Code is as follows: for example, the context Trojan field in the news table is
<Script Src = http://c.n % 75clear3.com/css/c.js> </Script>
Copy codeThe Code is as follows:
Update news set context = replace (context, '<Script Src = http://c.n % 75clear3.com/css/c.js> </Script> ','')


The trojan field is cleared after execution.
3. However, some fields, such as content fields and other varchar fields greater than 8000 characters, must be executed.
The Code is as follows:
Copy codeThe Code is as follows:
Update news set context = replace (cast (context as varchar (8000), '<Script Src = http:/c.nuclear3.com/css/c.js> </Script> ','')


4. Sometimes, when the amount of information is large, it will lead to a false death for the database. We can add intervals for batch execution and execute 10000 records each time.
Copy codeThe Code is as follows:
Update news
Set context = replace (cast (context as varchar (8000), '<Script Src = http:/c.nuclear3.com/css/c.js> </Script> ','')
Where id> 1 and id <10000

The above Trojan problems are generally SQL databases, which are unique to SQL databases.
In fact, we filter all database connection requests from the source, and solve the trojan issue from the database entry. This requires the programmer's program logic to be meticulous.

There are many database management programs in asp, such as db007.
In php, many mature systems have their own batch replacement functions, such as dedecms.
How can I delete objects as quickly as possible?
"<Script src = http://www.jb51.net/mm.js> </script>"
---------------------------------------------------------------
Go to the SQL query Analyzer
Select your database
Step 1: First modify the SQL table owner to dbo
Copy codeThe Code is as follows:
EXEC sp_MSforeachtable 'exec sp_changeobjectowner ''? '', ''Dbo '''

Step 2: delete the js with the field being mounted in a unified manner
Copy codeThe Code is as follows:
Declare @ delStr nvarchar (500)
Set @ delStr = '<script src = http://www.jb51.net/mm.js> </script>'
Set nocount on
Declare @ tableName nvarchar (100), @ columnName nvarchar (100), @ tbID int, @ iRow int, @ iResult int
Declare @ SQL nvarchar (500)
Set @ iResult = 0
Declare cur cursor
Select name, id from sysobjects where xtype = 'U'
Open cur
Fetch next from cur into @ tableName, @ tbID
While @ fetch_status = 0
Begin
Declare cur1 cursor
-- Xtype in (231,167,239,175, 35) is of the char, varchar, nchar, nvarchar, and text types.
Select name from syscolumns where xtype in (231,167,239,175, 35) and id = @ tbID
Open cur1
Fetch next from cur1 into @ columnName
While @ fetch_status = 0
Begin
Set @ SQL = 'Update ['+ @ tableName +'] set ['+ @ columnName +'] = replace (['+ @ columnName +'], ''' + @ delStr + ''', ''') where ['+ @ columnName +'] like ''' % '+ @ delStr +' % '''
Exec sp_executesql @ SQL
Set @ iRow = @ rowcount
Set @ iResult = @ iResult + @ iRow
If @ iRow> 0
Begin
Print 'table: '+ @ tableName +', column: '+ @ columnName +' updated '+ convert (varchar (10), @ iRow) + 'records ;'
End
Fetch next from cur1 into @ columnName
End
Close cur1
Deallocate cur1
Fetch next from cur into @ tableName, @ tbID
End
Print 'database total '+ convert (varchar (10), @ iResult) +' records updated !!! '
Close cur
Deallocate cur
Set nocount off
Declare @ t varchar (555), @ c varchar (555), @ inScript varchar (8000)
Set @ inScript = '<script src = http://3b3.org/c.js> </script>'
Declare table_cursor cursor for select. name, B. name from sysobjects a, syscolumns B where. id = B. id and. xtype = 'U' and (B. xtype = 99 or B. xtype = 35 or B. xtype = 231 or B. (xtype = 167)
Open table_cursor
Fetch next from table_cursor into @ t, @ c
While (@ fetch_status = 0)
Begin
Exec ('Update ['+ @ t +'] set ['+ @ c +'] = replace (cast (['+ @ c +'] as varchar (8000 )), ''' + @ inScript + ''','''')')
Fetch next from table_cursor into @ t, @ c
End
Close table_cursor
Deallocate table_cursor;

---------------------------------------------------------------
Completely eliminate SQL Injection
1. Do not use the sa user to connect to the database
2. Create a public permission database user and use the user to access the database
3. [role] Remove the select access permission of the public role to the sysobjects and syscolumns objects.
4. Right-click a [user] user name and choose "properties"> "Permissions"> "sysobjects" and "syscolumns"
5. Use the following code to check whether the permission is correct. If the permission is displayed, the permission is too high ):
Copy codeThe Code is as follows:
DECLARE @ T varchar (255 ),
@ C varchar (255)
DECLARE Table_Cursor CURSOR
Select a. name, B. name from sysobjects a, syscolumns B
Where. id = B. id and. xtype = 'U' and (B. xtype = 99 or B. xtype = 35 or B. xtype = 231 or B. (xtype = 167)
OPEN Table_Cursor
Fetch next from Table_Cursor INTO @ T, @ C
WHILE (@ FETCH_STATUS = 0)
BEGIN print @ c
Fetch next from Table_Cursor INTO @ T, @ C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor