LSX-blog

[Original] Iterating Over Database Fields

11.28.2011, MSSQL, by .

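Recently my manager asked me to check whether something was wrong with the database. An injection was suspected but could not be confirmed, so the databases had to be checked. There are too many of them for me to look through one by one, so the SQL statements below do the search by iterating over them: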
declare @word nvarchar(20)
set @word='5sejk.com' -- the content to look for in the fields
-- fetch all table names in the database, with their text-type columns
-- (xtype 99 = ntext, 35 = text, 231 = nvarchar, 167 = varchar)
declare tables cursor for
SELECT a.name,b.name FROM sysobjects a,syscolumns b WHERE a.id=b.id AND a.xtype='U' AND (b.xtype=99 OR b.xtype=35 OR b.xtype=231 OR b.xtype=167)

declare @tablename sysname,@field sysname
open tables
fetch next from tables into @tablename,@field
while(@@fetch_status=0)
begin
    -- count the rows whose value contains @word and print table(column) on a hit;
    -- convert(nvarchar(100),...) means only the first 100 characters of each value are compared
    declare @sql nvarchar(500)
    set @sql= 'declare @count int; select @count=count(1) from ['+@tablename+'] where convert(nvarchar(100),['+@field+']) like '''+'%'+@word+'%'';'+'if(@count>0) print '''+@tablename+''+'('+''+@field+')'''
    exec(@sql)
    fetch next from tables into @tablename,@field
end
close tables
deallocate tables
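
A hardened variant of the same scan, as an added example that is not the post's own code. It assumes SQL Server 2005 or later (catalog views, nvarchar(max)) and goes beyond the original in four ways: it schema-qualifies tables, escapes identifiers with QUOTENAME(), passes the search string as a parameter, and searches the full column value. The temp table #hits and its column names are assumptions of this example.

```sql
-- Added example, not the post's code. Assumes SQL Server 2005+ and a
-- hypothetical temp table #hits; run it in the database being checked.
SET NOCOUNT ON;
DECLARE @word nvarchar(100), @pattern nvarchar(400);
SET @word = N'5sejk.com';   -- search string from the post

-- Escape LIKE wildcards so the search string is matched literally.
SET @pattern = N'%' + REPLACE(REPLACE(REPLACE(@word,
               N'[', N'[[]'), N'%', N'[%]'), N'_', N'[_]') + N'%';

CREATE TABLE #hits (table_schema sysname, table_name sysname,
                    column_name sysname, matching_rows int);

DECLARE @schema sysname, @table sysname, @column sysname, @sql nvarchar(max);

-- Same four column types as the post: text, ntext, varchar, nvarchar.
DECLARE cols CURSOR LOCAL FAST_FORWARD FOR
    SELECT s.name, t.name, c.name
    FROM sys.tables t
    JOIN sys.schemas s ON s.schema_id = t.schema_id
    JOIN sys.columns c ON c.object_id = t.object_id
    WHERE c.system_type_id IN (35, 99, 167, 231);

OPEN cols;
FETCH NEXT FROM cols INTO @schema, @table, @column;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- Identifiers cannot be parameters, so QUOTENAME() brackets and escapes
    -- them; the values (names for the report, pattern) travel as parameters.
    SET @sql = N'INSERT INTO #hits SELECT @s, @t, @c, COUNT(*) FROM '
             + QUOTENAME(@schema) + N'.' + QUOTENAME(@table)
             + N' WHERE CONVERT(nvarchar(max), ' + QUOTENAME(@column)
             + N') LIKE @p HAVING COUNT(*) > 0;';
    EXEC sp_executesql @sql,
         N'@s sysname, @t sysname, @c sysname, @p nvarchar(400)',
         @s = @schema, @t = @table, @c = @column, @p = @pattern;
    FETCH NEXT FROM cols INTO @schema, @table, @column;
END
CLOSE cols;
DEALLOCATE cols;

SELECT table_schema, table_name, column_name, matching_rows
FROM #hits ORDER BY table_schema, table_name, column_name;
DROP TABLE #hits;
```

The result set lists each column that contains the string together with the number of affected rows, which gives a starting point for cleanup and for tracing which application input writes to those columns.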

54 responses to "[Original] Iterating Over Database Fields"

  1. Hi there, just became aware of your blog through Google,
    and found that it’s really informative. I am going to watch out for
    brussels. I will appreciate if you continue this in future.

    A lot of people will be benefited from your writing.

    Cheers!

  2. Magnificent web site. Plenty of helpful information here.
    I am sending it to some buddies and also sharing in delicious.
    And naturally, thank you in your sweat!

  3. Thanks for sharing your thoughts about mssql.
    Regards

  4. Hey very interesting blog!

