sql server查询数据库中包含指定字符串的数据表
发布一个实用小工具,可以很方便的在数据库中找到包含指定字符串的数据表名及相应记录:
/*
功能:查询数据库中包含指定字符串的数据表名及相应记录
作者:陈加鹏 chjpeng#163.com
日期:2009-08-17
*/
declare @key varchar(30)
set @key = 'test' --替换为要查找的字符串
DECLARE @tabName VARCHAR(40),@colName VARCHAR(40)
DECLARE @sql VARCHAR(2000)
declare @tsql varchar(8000)
DECLARE tabCursor CURSOR FOR
SELECT name from sysobjects WHERE xtype = 'u' AND name <> 'dtproperties'
OPEN tabCursor
FETCH NEXT from tabCursor INTO @tabName
WHILE @@fetch_status = 0
BEGIN
set @tsql = ''
DECLARE colCursor CURSOR FOR Select Name from SysColumns Where id=Object_Id(@tabName) and xtype=167
OPEN colCursor
FETCH NEXT from colCursor INTO @colName
WHILE @@fetch_status = 0
BEGIN
SET @sql = 'if(exists(select * from ' + @tabName + ' where '
SET @sql = @sql + @colName + ' like ''%' + @key + '%'')) begin select * from '
set @sql = @sql + @tabName + ' where ' + @colName + ' like ''%' + @key + '%'';select '''
+ @tabName + ''' as TableName end'
set @tsql = @tsql + @sql + ';'
FETCH NEXT from colCursor INTO @colName
END
exec(@tsql)
CLOSE colCursor
DEALLOCATE colCursor
FETCH NEXT from tabCursor INTO @tabName
END
CLOSE tabCursor
DEALLOCATE tabCursor
相关文档:
数学函数
1.绝对值
S:select abs(-1) value
O:select abs(-1) value from dual
2.取整(大)
S:select ceiling(-1.001) value
O:select ceil(-1.001) value from dual
3.取整(小)
S:select floor(-1.001) value
O:select floor(-1.001) value from dual
4.取整(截取)
S:select cast(-1.002 as in ......
Sample1:
/* Variable Declaration */
DECLARE @EmpID AS SMALLINT
DECLARE @SQLQuery AS NVARCHAR(500)
/* Build and Execute a Transact-SQL String with a single parameter value Using EXECUTE Command */
SET @EmpID = 1001
SET @SQLQuery = 'SELECT * from tblEmployees WHERE EmployeeID = ' + CAST(@EmpID A ......
下面的这些脚本都可以找到引起磁盘排序的SQL。
SELECT /*+ rule */ DISTINCT a.SID, a.process, a.serial#,
TO_CHAR (a.logon_time, 'YYYYMMDD HH24:MI:SS') LOGON, a.osuser,TABLESPACE, b.sql_text
from v$session a, v$sql b, v$sort_usage c
WHERE a.sql_address = b.address AND a.saddr = c.session_addr;
......
如果是类似"select * from user where uid="+uid +" and pwd="+pwd 很容易出问题
使用 SQLParamenter
把你的SQL语句写成 类似存储过程 ......
1、 SQL注入攻击的本质:让客户端传递过去的字符串变成SQL语句,而且能够被执行。
2、 每个程序员都必须肩负起防止SQL注入攻击的责任。
说起防止SQL注入攻击,感觉很郁闷,这么多年了大家一直在讨论,也一直在争论,可是到了现在似乎还是没有定论。当不知道注入原理的时候会觉得很神奇,怎么就被注入了呢? ......