在所有数据库,所有列和所有表中搜索字符串(SQL Server 2008 R2)

时间:2015-09-02 17:45:48

标签: sql-server database tsql sql-server-2008-r2

我们的SQL Server遭遇了某种入侵。

我试图在每个数据库,每个表格中找到单词abortioncheat的每一列。

我可以使用此查询执行此操作,但只能在单个数据库中执行此操作。

-- Store results in a local temp table so that.  I'm using a
-- local temp table so that I can access it in SP_EXECUTESQL.
create table #tmp 
(
    db varchar(max),
    tbl nvarchar(max),
    col nvarchar(max),
    val nvarchar(max),
);

declare @db nvarchar(max);
declare @tbl nvarchar(max);
declare @col nvarchar(max);
declare @q nvarchar(max);

declare @search nvarchar(max) = 'abortion';

-- Create a cursor on all columns in the database
declare c cursor for
    SELECT 
        DB_NAME(DB_ID()) as DBName, tbls.TABLE_NAME, cols.COLUMN_NAME  
    FROM INFORMATION_SCHEMA.TABLES AS tbls
    JOIN INFORMATION_SCHEMA.COLUMNS AS cols ON tbls.TABLE_NAME = cols.TABLE_NAME

-- For each table and column pair, see if the search value exists.
open c

fetch next from c into @db, @tbl, @col

while @@FETCH_STATUS = 0
begin
    -- Look for the search key in current table column and if found add it to the results.
    SET @q = 'INSERT INTO #tmp SELECT ''' +@db+''',''' + @tbl + ''', ''' + @col + ''', ' + @col + ' FROM ' + @tbl + ' WHERE ' + @col + ' LIKE ''%' + @search + '%'''
    EXEC SP_EXECUTESQL @q
    fetch next from c into @db, @tbl, @col
end
close c
deallocate c

-- Get results
select distinct db,tbl,col  from #tmp

-- Remove local temp table.
drop table #tmp

我如何找到这些字符串?结果集应为:

DATABASE | TABLE | COLUMN

我不需要结果(文本字段),我需要select distinct表和列,因为在同一个表/列中会有很多abortion

1 个答案:

答案 0 :(得分:0)

虽然通常不鼓励使用未记录的sp_msforeachdb,但我的直觉是将现有代码发送到此过程,如下所示:

exec sp_MSforeachdb 'USE [?]; 
-- Store results in a local temp table so that.  I'm using a
-- local temp table so that I can access it in SP_EXECUTESQL.
create table #tmp (
 db varchar(max)   ,
    tbl nvarchar(max),
    col nvarchar(max),
    val nvarchar(max),

);

declare @db nvarchar(max);
declare @tbl nvarchar(max);
declare @col nvarchar(max);
declare @q nvarchar(max);

--------------------------------------------------------------------------------------------
declare @search nvarchar(max) = ''abortion'';
--------------------------------------------------------------------------------------------


-- Create a cursor on all columns in the database
declare c cursor for
SELECT DB_NAME(DB_ID()) as DBName,tbls.TABLE_NAME, cols.COLUMN_NAME  FROM INFORMATION_SCHEMA.TABLES AS tbls
JOIN INFORMATION_SCHEMA.COLUMNS AS cols
ON tbls.TABLE_NAME = cols.TABLE_NAME

-- For each table and column pair, see if the search value exists.
open c
fetch next from c into @db, @tbl, @col
while @@FETCH_STATUS = 0
begin
    -- Look for the search key in current table column and if found add it to the results.
    SET @q = ''INSERT INTO #tmp SELECT '''''' +@db+'''''','''''' + @tbl + '''''', '''''' + @col + '''''', '' + @col + '' FROM '' + @tbl + '' WHERE '' + @col + '' LIKE ''''%'' + @search + ''%''''''
    EXEC SP_EXECUTESQL @q
    fetch next from c into @db, @tbl, @col
end
close c
deallocate c;'

此处唯一添加的代码是第一行,对于其余代码,请确保将'替换为''?中的USE [?]是一个特殊字符,表示循环sp_MSforeachdb中当前活动的数据库执行。

相关问题
最新问题