|
<div class="codetitle"><a style="CURSOR: pointer" data="69329" class="copybut" id="copybut69329" onclick="doCopy('code69329')"> 代码如下:<div class="codebody" id="code69329">
declare @delStr nvarchar(500)
set @delStr='' --这里被注入的字段串
/****/ /**以下为操作实体****/
set nocount on declare @tableName nvarchar(100),@columnName nvarchar(100),@tbID int,@iRow int,@iResult int
declare @sql nvarchar(2000) set @iResult=0
declare cur cursor for
select name,id from sysobjects where xtype='U' open cur
fetch next from cur into @tableName,@tbID while @@fetch_status=0
begin
declare cur1 cursor for
select name from syscolumns where xtype in (231,167,239,175,35,99) and id=@tbID
open cur1
fetch next from cur1 into @columnName
while @@fetch_status=0
begin
set @sql='update [' + @tableName + '] set ['+ @columnName +']= SUBSTRING([' + @columnName + '],' + '1,PATINDEX( ''%' + @delStr + '%'',[' + @columnName + '])-1) + ' + 'SUBSTRING([' + @columnName + '],[' + @columnName + ']) + ' + 'len(''' + @delStr + '''),datalength([' + @columnName + '])) where ['+@columnName+'] like ''%'+@delStr+'%''' exec sp_executesql @sql
set @iRow=@@rowcount
set @iResult=@iResult+@iRow
if @iRow>0
begin
print '表:'+@tableName+',列:'+@columnName+'被更新'+convert(varchar(10),@iRow)+'条记录;'
end
fetch next from cur1 into @columnName
end
close cur1
deallocate cur1 fetch next from cur into @tableName,@tbID
end
print '数据库共有'+convert(varchar(10),@iResult)+'条记录被更新!!!' close cur
deallocate cur
set nocount off
(编辑:莱芜站长网)
【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!
|
