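Overall, this SQL is only suitable for small databases, and the ASP loops are inefficient too, so don't use it on a large database; a small database is worth considering. For a large database, contact huangzi for a different SQL query written by an expert. What it does: taking a keyword as the index, it searches the entire database and returns the table name and column name where that keyword appears. (Very nice... especially during an intrusion when you can't find the table that holds the usernames and passwords: if entering the keyword admin finds the column directly, it saves looking through the tables one by one.) So, based on that statement, I wrote an ASP script to make it easier for everyone to search a database in the future.
The code is as follows: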
<%
'Confirm a keyword's position of a database(which table & which column)
'By oldjun(http://www.oldjun.com)
'Based on huangzi(http://www.2chuizi.com)'s sql
Server.ScriptTimeout=999999999
Response.Buffer =true
On Error Resume Next
keyword=request("keyword")
if keyword="" then
response.write "Need keyword!"
response.End
End if
'Double any single quotes so the keyword stays inside the SQL string literal
sqlkeyword=Replace(keyword,"'","''")
dim conn
Set conn = Server.CreateObject("ADODB.Connection")
Dim ConnStr
'ConnectionString,Pls change!
ConnStr="Driver={SQL SERVER};Server=localhost;UID=sa;PWD=sa;Database=master"
Conn.open ConnStr
'Scratch table listing every user table (xtype='U') with a sequential id
conn.execute("CREATE TABLE huangzi_table(id int identity(1,1),biaoid int,biaoname nvarchar(1000))")
conn.execute("insert huangzi_table select [id],[name] from sysobjects where xtype='U'")
set rs =conn.execute("select count(id) as tnum from huangzi_table")
tnum=rs("tnum")
rs.close
set rs=nothing
'Outer loop: one pass per user table
for i=1 to tnum
set rsbiao =conn.execute("select biaoid from huangzi_table where id="&i)
biaoid=rsbiao("biaoid")
set rst =conn.execute("select [biaoname] from huangzi_table where biaoid="&biaoid)
tname=rst("biaoname")
set rsl=conn.execute("select count([name]) as lnum from syscolumns where id="&biaoid)
lnum=rsl("lnum")
'Inner loop: fetch the j-th column name, then compare that column with the keyword
for j=1 to lnum
topnum=j-1
set rslie=conn.execute("select top 1 [name] from syscolumns where id="&biaoid&" and [name] not in (select top "&topnum&" [name] from syscolumns where id="&biaoid&")")
liename=rslie("name")
set rsresult=conn.execute("select top 1 ["&liename&"] from ["&tname&"] where CAST(["&liename&"] AS NVARCHAR(1000))='"&sqlkeyword&"'")
if rsresult.bof or rsresult.eof then
'response.write "Nothing-"&tname&":"&liename
'response.write "<br>"
else
result=rsresult(liename)
'HTML-encode database content before writing it to the page
response.write Server.HTMLEncode(result&"("&tname&":"&liename&")")
response.write "<br>"
End if
rslie.close
set rslie=nothing
rsresult.close
set rsresult=nothing
next
rsbiao.close
set rsbiao=nothing
rst.close
set rst=nothing
rsl.close
set rsl=nothing
next
'Remove the scratch table
conn.execute("DROP TABLE huangzi_table")
%>
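Note: efficiency is very poor and the page may appear to hang while it runs, so please wait patiently; don't use it on a large database. The code is simple, implements a simple function and has no technical sophistication; I'm keeping it for future use. When you change the connection string there is a caching problem, so restarting the browser is recommended!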
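A defender-side view of the script above, as an added example that is not part of the original post: it flags database sessions whose statements follow the script's pattern, that is, catalog enumeration plus the same literal compared against many table/column pairs. The tab-separated `session<TAB>statement` capture format, the sample lines, the table names `users` and `news`, and the function name `find_keyword_sweeps` are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Statement shapes come from the ASP script above; the capture format is assumed.
PROBE = re.compile(
    r"select\s+top\s+1\s+\[(?P<col>[^\]]+)\]\s+from\s+\[(?P<tbl>[^\]]+)\]\s+"
    r"where\s+cast\(\[[^\]]+\]\s+as\s+nvarchar\(\d+\)\)\s*=\s*N?'(?P<kw>(?:[^']|'')*)'",
    re.I)
CATALOG = re.compile(r"\bfrom\s+sys(?:objects|columns)\b", re.I)
SCRATCH = re.compile(r"\b(?:create|drop)\s+table\s+huangzi_table\b", re.I)

def find_keyword_sweeps(lines, min_targets=3):
    """Map session id -> report for sessions that enumerate the catalog and
    compare one literal against at least min_targets table/column pairs."""
    sessions = defaultdict(
        lambda: {"targets": defaultdict(set), "catalog": 0, "scratch": False})
    for line in lines:
        session, _, sql = line.partition("\t")
        state = sessions[session]
        state["scratch"] |= bool(SCRATCH.search(sql))
        state["catalog"] += bool(CATALOG.search(sql))
        probe = PROBE.search(sql)
        if probe:
            state["targets"][probe["kw"]].add((probe["tbl"], probe["col"]))
    findings = {}
    for session, state in sessions.items():
        for keyword, targets in state["targets"].items():
            # The table name is trivially renamed, so the verdict rests on
            # behaviour; the scratch-table hit is reported as extra context.
            if state["catalog"] and len(targets) >= min_targets:
                findings[session] = {
                    "keyword": keyword, "targets": sorted(targets),
                    "catalog_queries": state["catalog"],
                    "scratch_table": state["scratch"]}
    return findings

# Constructed sample capture: "<session id>\t<statement text>"
SAMPLE_LOG = [
    "51\tCREATE TABLE huangzi_table(id int identity(1,1),biaoid int,biaoname nvarchar(1000))",
    "51\tinsert huangzi_table select [id],[name] from sysobjects where xtype='U'",
    "51\tselect count([name]) as lnum from syscolumns where id=1977058079",
    "51\tselect top 1 [id] from [users] where CAST([id] AS NVARCHAR(1000))='admin'",
    "51\tselect top 1 [login] from [users] where CAST([login] AS NVARCHAR(1000))='admin'",
    "51\tselect top 1 [title] from [news] where CAST([title] AS NVARCHAR(1000))='admin'",
    "51\tDROP TABLE huangzi_table",
    "52\tselect top 1 [login] from [users] where CAST([login] AS NVARCHAR(1000))='bob'",
]

if __name__ == "__main__":
    for session, report in find_keyword_sweeps(SAMPLE_LOG).items():
        print(session, report)
```

Session 52 in the sample is an ordinary single-column lookup and is not reported; tune `min_targets` to the widest legitimate query fan-out in your application.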