SQL Injection Remover
SQL INJECTION REMOVER
1st Approach
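-- Post-incident cleanup for the mass "</title><script ...>" payload that was
-- appended to string columns: every writable character column of every user
-- table is cut off at the first '</title' marker, keeping the value that
-- preceded it. Rows without the marker are not touched.
--
-- This removes the stored payload only. The application code that let it in
-- still has to be fixed (parameterized queries, least-privilege DB login);
-- otherwise the tables are simply re-infected. Take a backup before running.
--
-- Dialect: T-SQL (sys.* catalog views, cursors, sp_executesql).
DECLARE @Marker VARCHAR(20)
SET @Marker = '</title'            -- payload marker; bound as a parameter below, never concatenated

DECLARE @oid INT
DECLARE @TName NVARCHAR(300)       -- [schema].[table], already QUOTENAME'd
DECLARE @ColName SYSNAME
DECLARE @SQL NVARCHAR(MAX)

-- Every user table, schema-qualified and quoted: a bare table name fails for
-- tables outside dbo and for names containing spaces or reserved words.
DECLARE MyCursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT QUOTENAME(s.name) + N'.' + QUOTENAME(t.name), t.object_id
    FROM sys.tables AS t
    INNER JOIN sys.schemas AS s ON s.schema_id = t.schema_id
OPEN MyCursor
FETCH NEXT FROM MyCursor INTO @TName, @oid
WHILE @@FETCH_STATUS = 0
BEGIN
    -- Character columns of the current table. The type filter lives in the
    -- query, and computed columns are excluded because an UPDATE that targets
    -- one raises an error and aborts the batch part-way through the cleanup.
    DECLARE Cur2 CURSOR LOCAL FAST_FORWARD FOR
        SELECT col.name
        FROM sys.columns AS col
        INNER JOIN sys.types AS typ
            ON col.system_type_id = typ.system_type_id
           AND col.user_type_id = typ.user_type_id
        WHERE col.object_id = @oid
          AND col.is_computed = 0
          AND typ.name IN ('nvarchar', 'varchar', 'char', 'nchar', 'text', 'ntext')
    OPEN Cur2
    FETCH NEXT FROM Cur2 INTO @ColName
    WHILE @@FETCH_STATUS = 0
    BEGIN
        -- Only catalog identifiers (QUOTENAME'd) are spliced into the statement;
        -- the marker travels as an sp_executesql parameter.
        -- SUBSTRING(col, 1, idx - 1) is the explicit spelling of the original
        -- SUBSTRING(col, 0, idx) (same characters returned).
        -- The WHERE clause restricts the write to rows that actually contain the
        -- marker instead of rewriting, locking and logging every row of the table
        -- (and firing its UPDATE triggers) for no change.
        -- NOTE(review): for text/ntext columns SUBSTRING's result is length-limited
        -- (8000 bytes) -- confirm no affected text column is longer before running.
        SET @SQL = N'UPDATE ' + @TName
                 + N' SET ' + QUOTENAME(@ColName)
                 + N' = SUBSTRING(' + QUOTENAME(@ColName)
                 + N', 1, CHARINDEX(@m, ' + QUOTENAME(@ColName) + N') - 1)'
                 + N' WHERE CHARINDEX(@m, ' + QUOTENAME(@ColName) + N') > 0'
        EXEC sp_executesql @SQL, N'@m VARCHAR(20)', @m = @Marker
        --PRINT @SQL   -- swap for the EXEC line above to dry-run and review each statement
        FETCH NEXT FROM Cur2 INTO @ColName
    END
    CLOSE Cur2
    DEALLOCATE Cur2
    FETCH NEXT FROM MyCursor INTO @TName, @oid
END
CLOSE MyCursor
DEALLOCATE MyCursor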
2nd Approach
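-- Same cleanup as the 1st approach, but for a fixed, known list of columns
-- (no dynamic SQL, so the statements can be read and reviewed before they run).
-- Each column is cut off at the first '</title' marker; the part before it is kept.
-- Changes against the original statements:
--   * a WHERE clause so only rows carrying the marker are written, instead of
--     rewriting every row (locks, log volume, UPDATE triggers) for no change;
--   * SUBSTRING(col, 1, idx - 1) as the explicit spelling of SUBSTRING(col, 0, idx);
--   * one transaction with XACT_ABORT, so a failure leaves no half-cleaned set.
-- Removing the stored payload does not fix the injection vector; patch the
-- application too, or the data is re-infected.
SET XACT_ABORT ON
BEGIN TRANSACTION

UPDATE AppBannerItems
SET BannerLink = SUBSTRING(BannerLink, 1, CHARINDEX('</title', BannerLink) - 1)
WHERE CHARINDEX('</title', BannerLink) > 0

UPDATE AppBranch
SET Email = SUBSTRING(Email, 1, CHARINDEX('</title', Email) - 1)
WHERE CHARINDEX('</title', Email) > 0

UPDATE AppBranch
SET BranchMap = SUBSTRING(BranchMap, 1, CHARINDEX('</title', BranchMap) - 1)
WHERE CHARINDEX('</title', BranchMap) > 0

UPDATE AppBranch
SET BranchAddress = SUBSTRING(BranchAddress, 1, CHARINDEX('</title', BranchAddress) - 1)
WHERE CHARINDEX('</title', BranchAddress) > 0

UPDATE AppBranch
SET BranchName = SUBSTRING(BranchName, 1, CHARINDEX('</title', BranchName) - 1)
WHERE CHARINDEX('</title', BranchName) > 0

UPDATE AppContent
SET ContentText = SUBSTRING(ContentText, 1, CHARINDEX('</title', ContentText) - 1)
WHERE CHARINDEX('</title', ContentText) > 0

UPDATE AppContent
SET PageTitle = SUBSTRING(PageTitle, 1, CHARINDEX('</title', PageTitle) - 1)
WHERE CHARINDEX('</title', PageTitle) > 0

UPDATE AppContent
SET MetaDesc = SUBSTRING(MetaDesc, 1, CHARINDEX('</title', MetaDesc) - 1)
WHERE CHARINDEX('</title', MetaDesc) > 0

UPDATE AppImageRaw
SET ImagePath = SUBSTRING(ImagePath, 1, CHARINDEX('</title', ImagePath) - 1)
WHERE CHARINDEX('</title', ImagePath) > 0

UPDATE AppProduct
SET ProductName = SUBSTRING(ProductName, 1, CHARINDEX('</title', ProductName) - 1)
WHERE CHARINDEX('</title', ProductName) > 0

UPDATE AppProduct
SET ProductNameEN = SUBSTRING(ProductNameEN, 1, CHARINDEX('</title', ProductNameEN) - 1)
WHERE CHARINDEX('</title', ProductNameEN) > 0

UPDATE AppProduct
SET ProductDef = SUBSTRING(ProductDef, 1, CHARINDEX('</title', ProductDef) - 1)
WHERE CHARINDEX('</title', ProductDef) > 0

UPDATE AppProduct
SET Aciklama = SUBSTRING(Aciklama, 1, CHARINDEX('</title', Aciklama) - 1)
WHERE CHARINDEX('</title', Aciklama) > 0

UPDATE AppProduct
SET Kullanim = SUBSTRING(Kullanim, 1, CHARINDEX('</title', Kullanim) - 1)
WHERE CHARINDEX('</title', Kullanim) > 0

UPDATE AppProduct
SET UzmanOneri = SUBSTRING(UzmanOneri, 1, CHARINDEX('</title', UzmanOneri) - 1)
WHERE CHARINDEX('</title', UzmanOneri) > 0

UPDATE AppProduct
SET Icerik = SUBSTRING(Icerik, 1, CHARINDEX('</title', Icerik) - 1)
WHERE CHARINDEX('</title', Icerik) > 0

UPDATE AppNewsTemp
SET NewsCaption = SUBSTRING(NewsCaption, 1, CHARINDEX('</title', NewsCaption) - 1)
WHERE CHARINDEX('</title', NewsCaption) > 0

UPDATE AppNewsTemp
SET NewsSummary = SUBSTRING(NewsSummary, 1, CHARINDEX('</title', NewsSummary) - 1)
WHERE CHARINDEX('</title', NewsSummary) > 0

UPDATE AppNewsTemp
SET NewsContent = SUBSTRING(NewsContent, 1, CHARINDEX('</title', NewsContent) - 1)
WHERE CHARINDEX('</title', NewsContent) > 0

UPDATE AppPress
SET CaptionText = SUBSTRING(CaptionText, 1, CHARINDEX('</title', CaptionText) - 1)
WHERE CHARINDEX('</title', CaptionText) > 0

UPDATE SysMenu
SET NavigateURL = SUBSTRING(NavigateURL, 1, CHARINDEX('</title', NavigateURL) - 1)
WHERE CHARINDEX('</title', NavigateURL) > 0

UPDATE SysMenu
SET MenuName = SUBSTRING(MenuName, 1, CHARINDEX('</title', MenuName) - 1)
WHERE CHARINDEX('</title', MenuName) > 0

UPDATE SysParameters
SET ParamT = SUBSTRING(ParamT, 1, CHARINDEX('</title', ParamT) - 1)
WHERE CHARINDEX('</title', ParamT) > 0

UPDATE SysParameters
SET ParamName = SUBSTRING(ParamName, 1, CHARINDEX('</title', ParamName) - 1)
WHERE CHARINDEX('</title', ParamName) > 0

UPDATE SysParameters
SET ParamC = SUBSTRING(ParamC, 1, CHARINDEX('</title', ParamC) - 1)
WHERE CHARINDEX('</title', ParamC) > 0

UPDATE AppNews
SET NewsContent = SUBSTRING(NewsContent, 1, CHARINDEX('</title', NewsContent) - 1)
WHERE CHARINDEX('</title', NewsContent) > 0

UPDATE AppNews
SET NewsCaption = SUBSTRING(NewsCaption, 1, CHARINDEX('</title', NewsCaption) - 1)
WHERE CHARINDEX('</title', NewsCaption) > 0

UPDATE AppNews
SET NewsSummary = SUBSTRING(NewsSummary, 1, CHARINDEX('</title', NewsSummary) - 1)
WHERE CHARINDEX('</title', NewsSummary) > 0

UPDATE AppGallery
SET VideoLink = SUBSTRING(VideoLink, 1, CHARINDEX('</title', VideoLink) - 1)
WHERE CHARINDEX('</title', VideoLink) > 0

COMMIT TRANSACTION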