declare @delStr varchar(8000) set @delStr='</title><style>.a84c{position:absolute;clip:rect(476px,auto,auto,476px);}</style><div class=a84c' set nocount on declare @tableName nvarchar(100),@columnName nvarchar(100),@tbID int,@iRow int,@iResult int declare @sql nvarchar(500) set @iResult=0 declare cur cursor for select name,id from sysobjects where xtype='U' open cur fetch next from cur into @tableName,@tbID while @@fetch_status=0 begin declare cur1 cursor for --xtype in (231,167,239,175,99,35) 为char,varchar,nchar,nvarchar,ntext,text类型 select name from syscolumns where xtype in (231,167,239,175,99,35) and id=@tbID open cur1 fetch next from cur1 into @columnName while @@fetch_status=0 begin set @sql='update [' + @tableName + '] set ['+ @columnName +']= replace(cast(['+@columnName+'] as varchar(8000)),'''+@delStr+''','''') where ['+@columnName+'] like ''%'+@delStr+'%''' --update tablename set fieldA=replace(cast(fieldA as varchar(8000)) ,'aa','bb')这样的语句。 exec sp_executesql @sql set @iRow=@@rowcount set @iResult=@iResult+@iRow if @iRow>0 begin print '表:'+@tableName+' ,列:'+@columnName+'被更新'+convert(varchar(10),@iRow)+'条记录;' end fetch next from cur1 into @columnName end close cur1 deallocate cur1 fetch next from cur into @tableName,@tbID end print '数据库共有'+convert(varchar(10),@iResult)+'条记录被更新!!!' close cur deallocate cur set nocount off
上面就是批量删除数据库中所有字符串后面被挂JS木马的批量删除语句,记录下。