sql2005全库查找关键字

转载地址： http://blog.csdn.net/jimlong/article/details/6875254

有个客户的自助建站的数据库很多表加入了木马的脚本，在网上找到了这个好用的东东，可以在整个数据库的所有表，所有字段中查找关键字，终于把挂马的脚本给删除了

 

--全数据库查找适合SQL2005

--运行存储过程
exec [sp_Search_All_DataBase] @v_search_text='查找关键字内容'

exec [sp_Search_All_DataBase] @v_search_text=''

 

--这个存储过程，查找到关键字的表和字段就会print出来

--新建存储过程
create procedure [sp_Search_All_DataBase]
@v_search_text varchar(500)

AS
declare @v_sql nvarchar(300)
declare @v_tab_name varchar(50)
declare @v_colu_name varchar(50)
declare @cot int
declare c_tab_col_name cursor for
    select distinct sysobjects.name as tab_name,syscolumns.name as colu_name
FROM syscolumns, sysobjects, systypes
WHERE sysobjects.id = syscolumns.id AND systypes.type = syscolumns.type AND sysobjects.type='u'
order by sysobjects.name,syscolumns.name

Open c_tab_col_name
Fetch next From c_tab_col_name Into @v_tab_name,@v_colu_name

While(@@Fetch_Status = 0)
BEGIN
SET NOCOUNT ON;

set @v_sql= 'select @cot=count(1) from '+ @v_tab_name + ' where '+ @v_colu_name + ' like ''%' + @v_search_text+'%'''
--Print @v_sql

begin try
exec sp_executesql @v_sql,N'@cot int output',@cot output
--print @@error
--print @cot
if @@error=0 and @cot>0
begin
--   print @cot
--print 'select * from '+ @v_tab_name + ' where '+ @v_colu_name + ' like ''%' + @v_search_text+'%'''

--拼装出来删除挂马的脚本
 set @v_sql= 'update '+ @v_tab_name + ' set '+ @v_colu_name + ' = replace(cast('+ @v_colu_name + ' AS varchar(8000)), ''' + @v_search_text+''','''') '
print @v_sql
--exec sp_executesql   @v_sql
end
end try
begin catch
-- print @@error
-- print @@error
end catch

Fetch next From c_tab_col_name Into @v_tab_name,@v_colu_name
END

Close c_tab_col_name
Deallocate c_tab_col_name