批量替换sqlserver数据库挂马字段并防范sql注入攻击的代码

update 表名 set 字段名=replace(字段名,'<script src=http://c.n%75clear3.com/css/c.js></script>','')

update 表名 set 表项=replace(cast(表项 as varchar(8000)),'<script src=http:/c.nuclear3.com/css/c.js> </script> ','')

update 表名 set 表项=replace(cast(表项 as varchar(8000)),'<script src=http:/c.nuclear3.com/css/c.js> </script> ','') where id>1 and id<15000

<%
response.buffer = true '缓存页面
'防范get注入
if request.querystring <> "" then stopinjection(request.querystring)
'防范post注入
if request.form <> "" then stopinjection(request.form)
'防范cookies注入
if request.cookies <> "" then stopinjection(request.cookies)
'正则子函数
function stopinjection(values)
dim regex
set regex = new regexp
regex.ignorecase = true
regex.global = true
regex.pattern = "'|;|#|([\s\b+()]+([email=select%7cupdate%7cinsert%7cdelete%7cdeclare%7c@%7cexec%7cdbcc%7calter%7cdrop%7ccreate%7cbackup%7cif%7celse%7cend%7cand%7cor%7cadd%7cset%7copen%7cclose%7cuse%7cbegin%7cretun%7cas%7cgo%7cexists)[/s/b]select|update|insert|delete|declare|@|exec|dbcc|alter|drop|create|backup|if|else|end|and|or|add|set|open|close|use|begin|retun|as|go|exists)[\s\b[/email]+]*)"
dim sitem, svalue
for each sitem in values
svalue = values(sitem)
if regex.test(svalue) then
response.write "<script language=javascript>alert('非法注入！你的行为已被记录！！');history.back(-1);</script>"
response.end
end if
next
set regex = nothing
end function
%>