MSSQL

애니위즈, 2011-03-15 19:21

A quick rundown of the cleanup when a SQL injection attack has hit the database and planted script tags in your data.


When the column is an ordinary character type:

UPDATE  ZipCode
SET     ZIPCODE = REPLACE(ZIPCODE,
            '<script src=http://www.xzjiayuan.com/ad/yahoo.js></script>', '')
WHERE   (ZIPCODE LIKE '%<script src=http://www.xzjiayuan.com/ad/yahoo.js></script>%')


When the column is the text type (REPLACE does not accept text directly, so cast it first):

UPDATE  b_envpro
SET     content = REPLACE(CAST(content AS varchar(8000)),
            '?script src=http://www.mir2games.com/aa/a.js></script>', '')
WHERE   (content LIKE '%?script src=http://www.mir2games.com/aa/a.js></script>%')
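The two patterns above, as an added self-contained T-SQL walkthrough that is not part of the original post: it builds a temp table with constructed rows (the table, column names and the payload URL are made up), counts the affected rows before touching anything, applies the cleanup to both column kinds, and verifies that nothing is left. It assumes SQL Server 2005 or later so that varchar(max) is available.

```sql
-- Added example, not from the original post. Constructed demo data throughout.
SET NOCOUNT ON;

CREATE TABLE #injected (
    id      int IDENTITY(1,1) PRIMARY KEY,
    zipcode varchar(100),   -- ordinary character column
    content text            -- legacy text column: REPLACE() cannot take it directly
);

-- Constructed payload (placeholder host) and sample rows: one clean, one planted.
DECLARE @payload varchar(200);
SET @payload = '<script src=http://example.invalid/ad/x.js></script>';
INSERT INTO #injected (zipcode, content) VALUES ('12345', 'normal content');
INSERT INTO #injected (zipcode, content) VALUES ('12345' + @payload, 'normal content' + @payload);

-- 1. Audit before cleaning: how many rows carry the payload? Record this for the incident log.
--    If a payload contains LIKE wildcards (% _ [), escape them or use CHARINDEX instead.
SELECT COUNT(*) AS hit_rows
FROM   #injected
WHERE  zipcode LIKE '%' + @payload + '%'
   OR  CAST(content AS varchar(max)) LIKE '%' + @payload + '%';
-- expected: 1

-- 2. Ordinary column: REPLACE works directly, exactly as in the post.
UPDATE #injected
SET    zipcode = REPLACE(zipcode, @payload, '')
WHERE  zipcode LIKE '%' + @payload + '%';

-- 3. text column: cast first. varchar(max) avoids the silent truncation that a
--    varchar(8000) cast causes on any content longer than 8000 characters.
UPDATE #injected
SET    content = REPLACE(CAST(content AS varchar(max)), @payload, '')
WHERE  CAST(content AS varchar(max)) LIKE '%' + @payload + '%';

-- 4. Verify: no row should still contain the payload, and the rest of the data is intact.
SELECT id, zipcode, CAST(content AS varchar(max)) AS content
FROM   #injected
WHERE  zipcode LIKE '%' + @payload + '%'
   OR  CAST(content AS varchar(max)) LIKE '%' + @payload + '%';
-- expected: zero rows

SELECT id, zipcode, CAST(content AS varchar(max)) AS content FROM #injected;
-- expected: both rows read '12345' / 'normal content'

DROP TABLE #injected;
```

Run the audit query against each real table before the UPDATE, and wrap the UPDATEs in a transaction you can roll back if the verification step returns rows.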