1. 首頁
  2. 問答
  3. 在所有數據庫,所有列和所有表中搜索字符串(SQL Server 2008 R2)

在所有數據庫,所有列和所有表中搜索字符串(SQL Server 2008 R2)

2015-09-02 78 views
0

我們在SQL Server中遭受某種入侵。在所有數據庫,所有列和所有表中搜索字符串(SQL Server 2008 R2)

我試圖在每個數據庫中查找每個表格中每個列的單詞abortioncheat

我可以用這個查詢做到這一點,但在一個單一的數據庫。

-- Store results in a local temp table so that. I'm using a 
-- local temp table so that I can access it in SP_EXECUTESQL. 
create table #tmp 
(
    db varchar(max), 
    tbl nvarchar(max), 
    col nvarchar(max), 
    val nvarchar(max), 
); 

declare @db nvarchar(max); 
declare @tbl nvarchar(max); 
declare @col nvarchar(max); 
declare @q nvarchar(max); 

declare @search nvarchar(max) = 'abortion'; 

-- Create a cursor on all columns in the database 
declare c cursor for 
    SELECT 
     DB_NAME(DB_ID()) as DBName, tbls.TABLE_NAME, cols.COLUMN_NAME 
    FROM INFORMATION_SCHEMA.TABLES AS tbls 
    JOIN INFORMATION_SCHEMA.COLUMNS AS cols ON tbls.TABLE_NAME = cols.TABLE_NAME 

-- For each table and column pair, see if the search value exists. 
open c 

fetch next from c into @db, @tbl, @col 

while @@FETCH_STATUS = 0 
begin 
    -- Look for the search key in current table column and if found add it to the results. 
    SET @q = 'INSERT INTO #tmp SELECT ''' [email protected]+''',''' + @tbl + ''', ''' + @col + ''', ' + @col + ' FROM ' + @tbl + ' WHERE ' + @col + ' LIKE ''%' + @search + '%''' 
    EXEC SP_EXECUTESQL @q 
    fetch next from c into @db, @tbl, @col 
end 
close c 
deallocate c 

-- Get results 
select distinct db,tbl,col from #tmp 

-- Remove local temp table. 
drop table #tmp

我怎樣才能找到這些字符串?結果集應該是:

DATABASE | TABLE | COLUMN

我不需要的結果(文本字段),我需要爲select distinct表和列,因爲這將是一個很大的abortion在同一個表/列。

來源

2015-09-02 Rafael Piccinelli

+0

http://stackoverflow.com/questions/9185871/how-to-search-sql-server-database-for-string或[SQL Search](http://www.red-gate.com/products/) sql-development/sql-search /)或[sp_searchtable](https://gallery.technet.microsoft.com/scriptcenter/c0c57332-8624-48c0-b4c3-5b31fe641c58) – lad2025

+0

hello,thank you @ lad2025但這些查詢都不是可以幫我。最後一個搜索每個數據庫都不起作用的最後一個。 –

+0

既然這是一個一次性的事情,爲什麼你不能爲每個數據庫運行它?另外,在您修復數據之前,我希望您修復了sql注入漏洞。毫無疑問,這是發生了什麼事。 –

回答

0

雖然一般不鼓勵使用無證sp_msforeachdb,我的本能會現有的代碼發送到這個過程是這樣的:

exec sp_MSforeachdb 'USE [?]; 
-- Store results in a local temp table so that. I'm using a 
-- local temp table so that I can access it in SP_EXECUTESQL. 
create table #tmp (
db varchar(max) , 
    tbl nvarchar(max), 
    col nvarchar(max), 
    val nvarchar(max), 

); 

declare @db nvarchar(max); 
declare @tbl nvarchar(max); 
declare @col nvarchar(max); 
declare @q nvarchar(max); 

-------------------------------------------------------------------------------------------- 
declare @search nvarchar(max) = ''abortion''; 
-------------------------------------------------------------------------------------------- 


-- Create a cursor on all columns in the database 
declare c cursor for 
SELECT DB_NAME(DB_ID()) as DBName,tbls.TABLE_NAME, cols.COLUMN_NAME FROM INFORMATION_SCHEMA.TABLES AS tbls 
JOIN INFORMATION_SCHEMA.COLUMNS AS cols 
ON tbls.TABLE_NAME = cols.TABLE_NAME 

-- For each table and column pair, see if the search value exists. 
open c 
fetch next from c into @db, @tbl, @col 
while @@FETCH_STATUS = 0 
begin 
    -- Look for the search key in current table column and if found add it to the results. 
    SET @q = ''INSERT INTO #tmp SELECT '''''' [email protected]+'''''','''''' + @tbl + '''''', '''''' + @col + '''''', '' + @col + '' FROM '' + @tbl + '' WHERE '' + @col + '' LIKE ''''%'' + @search + ''%'''''' 
    EXEC SP_EXECUTESQL @q 
    fetch next from c into @db, @tbl, @col 
end 
close c 
deallocate c;'

這裏唯一添加的代碼是第一線,爲其餘代碼只需確保將'替換爲''即可。 USE [?]中的?是一個特殊字符,表示sp_MSforeachdb循環中當前活動的數據庫執行。

來源

2015-09-02 18:20:08 larsts

+0

謝謝,我正在測試它。這是我想要做的,但我不能。 –

相關問題

 相關問題