using System;
using System.Data;
using System.Data.SqlClient;
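/// <summary>
/// Maintenance page that removes an injected string from one text column of a
/// SQL Server table: every row is read, the unwanted substring is replaced, and
/// the changed rows are written back by primary key (column <c>ID</c>).
/// </summary>
/// <remarks>
/// Every input (credentials, database, table, column, search and replacement
/// text) comes from the web form and is treated as untrusted. Identifiers are
/// bracket-quoted, values are sent as parameters, and the connection string is
/// assembled with <see cref="SqlConnectionStringBuilder"/>.
/// NOTE(review): nothing in this class restricts who may submit the form. The
/// page accepts database credentials and rewrites table content, so access
/// control has to come from the hosting configuration; confirm it exists and
/// take the page offline once the clean-up is finished.
/// </remarks>
public partial class _Default : System.Web.UI.Page
{
    string dataName = "";   // database name
    string tableName = "";  // table name
    string datafield = "";  // column to clean
    string S_str = "";      // substring to remove (the injected code)
    string ReS_str = "";    // text that takes its place
    string LogName = "";    // database login name
    string LogPsw = "";     // database login password

    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>
    /// Reads the form, loads every row of the chosen table, applies the
    /// replacement in memory and writes back the rows that actually changed.
    /// </summary>
    /// <param name="sender">The button that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void Button1_Click(object sender, EventArgs e)
    {
        dataName = txtDb.Text.Trim();
        tableName = txtTb.Text.Trim();
        datafield = txtField.Text.Trim();
        S_str = txtTheStr.Text.Trim();
        ReS_str = txtStr.Text.Trim();
        LogName = txtLogName.Text.Trim();
        LogPsw = txtLogPsw.Text.Trim();

        try
        {
            // string.Replace throws on an empty search string; fail before any
            // database work instead of part-way through the read loop.
            if (S_str.Length == 0)
            {
                throw new ArgumentException("The string to remove must not be empty.");
            }

            // In-memory table holding only the rows whose content changed.
            DataTable myTempTb = new DataTable();
            myTempTb.Columns.Add("Id");
            myTempTb.Columns.Add("Content");

            // using blocks release the reader and the connection even when the
            // query fails; the original leaked both on any exception.
            using (SqlConnection con = new SqlConnection(BuildConnectionString()))
            using (SqlCommand com = con.CreateCommand())
            {
                // Table and column names cannot be sent as parameters, so they
                // are bracket-quoted to keep form input from being parsed as SQL.
                com.CommandText = "select ID," + QuoteIdentifier(datafield)
                    + " from " + QuoteIdentifier(tableName);
                con.Open();

                using (SqlDataReader dr = com.ExecuteReader())
                {
                    while (dr.Read())
                    {
                        string id = dr[0].ToString();
                        string original = dr[1].ToString();
                        string cleaned = original.Replace(S_str, ReS_str);

                        // Untouched rows are not rewritten: this avoids needless
                        // writes and avoids turning NULL content into "".
                        if (cleaned != original)
                        {
                            myTempTb.Rows.Add(new object[] { id, cleaned });
                        }
                    }
                }
            }

            // Write back. The original indexed Rows[0] / Rows[1] on every pass
            // and called ToString() on the DataRow itself, so it never passed a
            // real id or content; each row's own cells are read here.
            foreach (DataRow row in myTempTb.Rows)
            {
                execTheRe(row["Id"].ToString(), row["Content"].ToString());
            }

            Response.Write("");
        }
        catch (Exception ex)
        {
            // Log server-side only. Exception text can carry connection details
            // and schema names, so it is not echoed into the response.
            System.Diagnostics.Trace.TraceError(ex.ToString());
            Response.Write("");
        }
    }

    /// <summary>
    /// Updates the cleaned column of a single row, identified by <c>ID</c>.
    /// </summary>
    /// <param name="id">Primary-key value of the row, as text.</param>
    /// <param name="content">Cleaned content to store.</param>
    private void execTheRe(string id, string content)
    {
        try
        {
            using (SqlConnection con = new SqlConnection(BuildConnectionString()))
            using (SqlCommand com = con.CreateCommand())
            {
                // The id is read from a table that is being cleaned because it
                // was tampered with, so it is bound as a parameter rather than
                // concatenated into the statement.
                com.CommandText = "update " + QuoteIdentifier(tableName)
                    + " set " + QuoteIdentifier(datafield)
                    + "=@content where ID=@id";

                // NOTE(review): SqlDbType.Text is a non-Unicode type; if the
                // target column is nvarchar/ntext, SqlDbType.NVarChar or NText
                // may be the safer choice. Confirm against the schema.
                SqlParameter myPar = new SqlParameter("@content", SqlDbType.Text);
                myPar.Value = content;
                com.Parameters.Add(myPar);
                com.Parameters.AddWithValue("@id", id);

                con.Open();
                com.ExecuteNonQuery();
            }
        }
        catch (Exception ex)
        {
            // Best effort per row: record the failure and let the caller go on.
            System.Diagnostics.Trace.TraceError(ex.ToString());
            Response.Write("");
        }
    }

    /// <summary>
    /// Builds the connection string from the form fields. The builder escapes
    /// each value, so a ';' typed into the database, login or password box
    /// cannot add or override other connection-string keywords.
    /// </summary>
    /// <returns>A SQL Server connection string for the local server.</returns>
    private string BuildConnectionString()
    {
        SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder();
        builder.DataSource = "localhost";
        builder.InitialCatalog = dataName;
        builder.UserID = LogName;
        builder.Password = LogPsw;
        // For integrated authentication, set builder.IntegratedSecurity = true
        // in place of UserID and Password.
        return builder.ConnectionString;
    }

    /// <summary>
    /// Bracket-quotes a SQL Server identifier, doubling any ']' it contains.
    /// A dotted name (schema.table) is quoted part by part, and a part that is
    /// already wrapped in brackets is unwrapped first. A dot inside a bracketed
    /// part is not supported.
    /// </summary>
    /// <param name="name">Identifier taken from the form.</param>
    /// <returns>The quoted identifier, safe to concatenate into a statement.</returns>
    /// <exception cref="ArgumentException">The name, or its last part, is empty.</exception>
    private static string QuoteIdentifier(string name)
    {
        if (string.IsNullOrEmpty(name))
        {
            throw new ArgumentException("Identifier must not be empty.");
        }

        string[] parts = name.Split('.');
        for (int i = 0; i < parts.Length; i++)
        {
            string part = parts[i].Trim();

            if (part.Length >= 2 && part[0] == '[' && part[part.Length - 1] == ']')
            {
                part = part.Substring(1, part.Length - 2).Replace("]]", "]");
            }

            if (part.Length == 0)
            {
                // An empty middle part (db..table) means "default schema" and
                // carries no text; only the object name itself is mandatory.
                if (i == parts.Length - 1)
                {
                    throw new ArgumentException("Identifier must not be empty.");
                }

                parts[i] = "";
                continue;
            }

            parts[i] = "[" + part.Replace("]", "]]") + "]";
        }

        return string.Join(".", parts);
    }
}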
mysql数据库恶意代码注入的清理