新做了个asp的数据库修复工具
作者:admin 日期:2008-8-26 19:51:20
<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title>修复sql2000数据库的ntext字段</title>
</head><body><%
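' Read the four form fields that are pasted into the generated T-SQL:
'   txt = PATINDEX pattern to search for, zd = column name,
'   bm  = table name,                     sy = key/index column.
' txt ends up inside a single-quoted SQL literal, so every ' is doubled before
' the value is HTML-escaped for display; otherwise a quote in the pattern
' would end the literal early and change the generated statement.
' NOTE(review): zd, bm and sy are written into the script as bare identifiers
' exactly as typed. Read the generated SQL before running it in Query Analyzer.
txt= percoletionword (replace(request.Form("txt"),"'","''"))
zd= percoletionword (request.Form("zd"))
bm= percoletionword (request.Form("bm"))
sy= percoletionword (request.Form("sy"))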
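' Escapes a value for output in the HTML body so the browser shows it as text
' instead of parsing it as markup (the form values are echoed back into this
' page). As printed, both Replace calls swapped a character for itself and
' therefore escaped nothing; the entity forms are restored here.
' "&" is handled first so the entities produced below are not escaped twice.
' Server.HTMLEncode performs the same job inside ASP.
function percoletionword (word)
percoletionword=replace(word & "","&","&amp;")
percoletionword=replace(percoletionword,"<","&lt;")
percoletionword=replace(percoletionword,">","&gt;")
percoletionword=replace(percoletionword,"""","&quot;")
end function %>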
<form action="#" method="post"><input name="bm" type="text" value="表名" />
<input name="zd" type="text" value="字段名" />
<input name="sy" type="text" value="索引" /><input name="txt" type="text" value="要过滤的字段" />
<input name="" type="submit" value="提交" /></form>
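<%
' UPDATETEXT deletes @len characters at every match, so @len must be the
' length of the text being removed. The original emitted datalength(''),
' which is 0: nothing was deleted, PATINDEX kept returning the same position
' and the inner loop never ended.
' The text to delete is taken from the pattern field with one leading and one
' trailing % wildcard stripped. This assumes the pattern is a plain literal
' wrapped in %...%; a pattern using _ or [...] needs @len set by hand.
' For an ntext column the delete length is counted in characters, hence
' datalength(N'...')/2. NOTE(review): for a text column it is counted in
' bytes - adjust the expression if the tool is pointed at one.
delText = request.Form("txt") & ""
if left(delText,1) = "%" then delText = mid(delText,2)
if right(delText,1) = "%" then delText = left(delText,len(delText)-1)
' Double ' for the SQL literal, then HTML-escape for display in the page.
delText = Server.HTMLEncode(replace(delText,"'","''"))
%>
declare @ptr varbinary(16)<br />
declare @artId int<br />
declare @Position int,@len int<br />
set @len = datalength(N'<%=delText%>')/2<br />
declare wux_Cursor scroll Cursor<br />
for<br />
select textptr(<%=zd%>),<%=sy%> from <%=bm%><br />
for read only<br />
open wux_Cursor<br />
fetch next from wux_Cursor into @ptr,@artId<br />
while @@fetch_status=0<br />
begin<br />
select @Position=patindex('<%=txt%>',<%=zd%>) from <%=bm%> where <%=sy%>=@artId<br />
while @Position>0 and @len>0<br />
begin<br />
set @Position=@Position-1<br />
updatetext <%=bm%>.<%=zd%> @ptr @Position @len ''<br />
select @Position=patindex('<%=txt%>',<%=zd%>) from <%=bm%> where <%=sy%>=@artId<br />
end<br />
fetch next from wux_Cursor into @ptr,@artId<br />
end<br />
close wux_Cursor<br />
deallocate wux_Cursor<br />
go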
</body>
</html>
将文件保存为sql1.asp 运行之,填写好字段名和要过滤的字符串。即刻生成sql代码。粘贴到查询分析器中执行即可。
此工具用于过滤被注入代码后的sql2000型数据库。谁都会写的东西就是没有人写的东西……
对于非ntext型字段。则有如下工具
<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
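<%
' Database connection used to read the table and column catalog.
' NOTE(review): the page logs in as sa with the password stored in the page
' source. The code below only runs SELECTs against sysobjects and syscolumns,
' so a login limited to reading the catalog is sufficient; keep the real
' credential out of any copy of this file that is published or left on a
' web-reachable path.
' Persist Security Info is set to False so the password cannot be read back
' from the connection object once the connection is open.
connstr="Provider=SQLOLEDB.1;User ID=sa;Password=101010;Persist Security Info=False;Initial Catalog=test;Data Source=(local)"
set conn=server.createobject("ADODB.CONNECTION")
conn.open connstr
%>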
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title>数据库替换</title>
</head>
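<%
' Escapes text for the HTML body so form input and catalog names are shown
' literally instead of being parsed as markup. As printed, the original
' Replace calls swapped a character for itself and escaped nothing.
' Declared at script level rather than inside the If block below, where
' VBScript is not expected to accept a Function statement.
function percoletionword (word)
  percoletionword=replace(word & "","&","&amp;")
  percoletionword=replace(percoletionword,"<","&lt;")
  percoletionword=replace(percoletionword,">","&gt;")
  percoletionword=replace(percoletionword,"""","&quot;")
end function

' Wraps a catalog name in [ ] and doubles any ] inside it, so a table or
' column name with spaces or punctuation stays a single identifier in the
' generated statement.
function bracketname (name)
  bracketname="[" & replace(name & "","]","]]") & "]"
end function

' Emits one "Update ... SET col = REPLACE(col,'<string>','')" line per
' candidate column of every user table. Nothing is executed here: the output
' is text for the operator to review and run.
if request.Form("string")<>"" then
  ' The string sits inside a single-quoted SQL literal: double ' first,
  ' then HTML-escape for display.
  xx= percoletionword (replace(request.Form("string"),"'","''"))
  ' type = 'U' selects user tables.
  SQL = "select id, name from sysobjects where type = 'U'"
  set rs=conn.execute(sql)
  do while not rs.eof
    tbl = percoletionword (bracketname (rs("name")))
    ' Look columns up by the numeric object id instead of splicing the table
    ' name into a quoted string. xtype 167/175/231/239 are varchar, char,
    ' nvarchar and nchar: REPLACE on other types either fails or
    ' round-trips the value through a string conversion.
    SQL = "select name from syscolumns where id=" & CLng(rs("id")) & " and xtype in (167,175,231,239)"
    set rs1=conn.execute(sql)
    do while not rs1.eof
      ' Columns whose name contains "id" or "time" are skipped, as before.
      if InStr(rs1("name"),"id") or InStr(rs1("name"),"time") then
      else
        col = percoletionword (bracketname (rs1("name")))
        n=n+1%>
<div style="width:1000px; height:22px;">
Update <%=tbl%> SET <%=col%> = REPLACE(<%=col%>,'<% = xx%>','')---<% =n/2%><br></div>
<%
      end if
      rs1.movenext
    loop
    rs1.close
    Set rs1 = Nothing
    rs.movenext
  loop
  rs.close
  Set rs = Nothing
end if
' The connection is not used after this point.
conn.close
Set conn = Nothing
%>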
<body>
<form action="#" method="post"><input name="string" type="text" value="要过滤的字段"/>
<input name="" type="submit" value="提交" /></form>
</body>
</html>
Tags: 代码
ts 于 2009-4-4 0:17:51 回复索引 就是数据库中常用的,唯一顺序数。保证数据不重复的那个项,通常我们用id字段。