Generally speaking, this SQL is only suitable for use on small databases. The loop in ASP is also inefficient. It is better not to use it in large databases. You can consider it in small databases. If it is a large database, please contact the prince to ask for another SQL query statement written by an expert. The function is: use a keyword as an index, search the entire database, and then return the table name and column name where that keyword is located. (It's great...especially when you can't find the table where the user name and password are located during the intrusion. If you can directly find the fields by entering the keyword admin...you don't have to look at each table one by one.) So Based on that statement, I wrote an asp script to facilitate searching the database in the future.
The code is as follows:
Copy the code code as follows:
<%
'Confirm a keyword's position of a database(which table & which column)
'By oldjun(http://www.oldjun.com)
'Based on huangzi(http://www.2chuizi.com)'s sql
Server.ScriptTimeout=999999999
Response.Buffer =true
On Error Resume Next
keyword=request(keyword)
if keyword= then
response.write Need keyword!
response.End
End if
dim conn
Set conn = Server.CreateObject(ADODB.Connection)
DimConnStr
'ConnectionString,Pls change!
ConnStr=Driver={SQL SERVER};Server=localhost;UID=sa;PWD=sa;Database=master
Conn.open ConnStr
conn.execute(CREATE TABLE huangzi_table(id int identity(1,1),biaoid int,biaoname nvarchar(1000)))
conn.execute(insert huangzi_table select [id],[name] from sysobjects where xtype='U')
set rs =conn.execute(select count(id) as tnum from huangzi_table)
tnum=rs(tnum)
rs.close
set rs=nothing
for i=1 to tnum
set rsbiao =conn.execute(select biaoid from huangzi_table where id=&i&)
biaoid=rsbiao(biaoid)
set rst =conn.execute(select [biaoname] from huangzi_table where biaoid=&biaoid&)
tname=rst(biaoname)
set rsl=conn.execute(select count([name]) as lnum from syscolumns where id=&biaoid&)
lnum=rsl(lnum)
for j=1 to lnum
topnum=j-1
set rslie=conn.execute(select top 1 [name] from syscolumns where id=&biaoid& and [name] not in
(select top &topnum& [name] from syscolumns where id=&biaoid&))
liename=rslie(name)
set rsresult=conn.execute(select top 1 [&liename&] from [&tname&] where CAST([&liename&] AS NVARCHAR(1000))='&keyword&')
if rsresult.bof or rsresult.eof then
'response.write Nothing-&tname&:&liename
'response.write <br>
else
result=rsresult(liename)
response.write result&(&tname&:&liename&)
response.write <br>
End if
rslie.close
setrslie=nothing
rsresult.close
set rsresult=nothing
next
rsbiao.close
setrsbiao=nothing
rst.close
setrst=nothing
rsl.close
set rsl=nothing
next
conn.execute(DROP TABLE huangzi_table)
%>
Note: The efficiency is very poor, and suspended animation may occur when using it. Please wait patiently. It is better not to use the large library. The code is simple and implements simple functions without technical content. It is reserved for future use. There is a caching problem when changing the connection statement. It is recommended to restart the browser!