关于数据库批量注入，及批量清除的方法［原创］

以下代码为我幸苦所得，如需转载请保留原出处首发 www.yangxiaoyong.com 杨小勇--批量注入字符串DECLARE @T varchar(255),@C varchar(255)DECLARE Table_Cursor CURSORFOR select a.name,b.namefrom sysobjects a,syscolumns bwhere a.id = b.idand a.xtype = 'u'and ( b.xtype = 99or b.xtype = 35or b.xtype = 231or b.xtype = 167)OPEN Table_CursorFETCH NEXT FROM Table_Cursor INTO @T, @CWHILE( @@FETCH_STATUS = 0 )BEGINexec( 'update [' + @T + '] set [' + @C + ']=rtrim(convert(varchar,['+ @C + ']))+''''' )FETCH NEXT FROM Table_Cursor INTO @T, @CENDCLOSE Table_CursorDEALLOCATE Table_Cursor--批量清除字符串（针对nvarchar,ntext均非常有效）DECLARE @T varchar(255),@C varchar(255)DECLARE Table_Cursor CURSORFOR select a.name,b.namefrom sysobjects a,syscolumns bwhere a.id = b.idand a.xtype = 'u'and ( b.xtype = 99or b.xtype = 35or b.xtype = 231or b.xtype = 167)OPEN Table_CursorFETCH NEXT FROM Table_Cursor INTO @T, @CWHILE( @@FETCH_STATUS = 0 )BEGINexec( 'update [' + @T + '] set [' + @C + ']=replace(cast(['+@C+'] as varchar(8000)),'''',''成功'')' )FETCH NEXT FROM Table_Cursor INTO @T, @CENDCLOSE Table_CursorDEALLOCATE Table_Cursor--批量清除字符串（对于nvarchar有限，对于ntext无效）DECLARE @T varchar(255),@C varchar(255)DECLARE Table_Cursor CURSORFOR select a.name,b.namefrom sysobjects a,syscolumns bwhere a.id = b.idand a.xtype = 'u'and ( b.xtype = 99or b.xtype = 35or b.xtype = 231or b.xtype = 167)OPEN Table_CursorFETCH NEXT FROM Table_Cursor INTO @T, @CWHILE( @@FETCH_STATUS = 0 )BEGINexec( 'update [' + @T + '] set [' + @C + ']=replace(['+@C+'],'''',''成功'')' )FETCH NEXT FROM Table_Cursor INTO @T, @CENDCLOSE Table_CursorDEALLOCATE Table_Cursor