The code is as follows:
| The code is as follows: |
Copy code |
Declare @ t varchar (255), @ c varchar (255)
Declare table_cursor cursor for select a. name, B. name
From sysobjects a, syscolumns B, policypes c
Where. id = B. id and. xtype = 'u' and c. name/* "u" indicates the data type you want to operate on. You do not need to change it to all data types */
In ('char ', 'nchar', 'nvarchar ', 'varchar', 'text', 'ntext'/* -- if your text (ntext) the type cannot exceed the length of 8000 (4000 */)
Declare @ str varchar (500), @ str2 varchar (500)
Set @ str = ''/* Here is the character you want to replace */
Set @ str2 = ''/* character after replacement */
Open table_cursor
Fetch next from table_cursor
Into @ t, @ c while (@ fetch_status = 0)
Begin exec ('update ['+ @ t +'] set ['+ @ c +'] = replace (cast (['+ @ c +'] as varchar (8000) ), ''' + @ str + ''', ''' + @ str2 + ''')')
Fetch next from table_cursor
Into @ t, @ c end close table_cursor deallocate table_cursor; |
Run the above code in the SQL Server query Analyzer. You do not need to check which table and which word is broken and injected. You can quickly delete the injected field.
