SQL Server更新&将垃圾邮件替换为" text"和" ntext"领域

时间:2016-01-16 01:20:43

标签: php sql-server sql-server-2008 iis-7

首先,感谢您抽出时间看看这个问题。

旧数据库表中注入了超过14k个垃圾邮件链接,其中许多都在text和ntext字段中。我编写了一个SQL查询,它运行并更新任何不是" text"或" ntext"类型,但不幸的是它没有更新"文本"或" ntext"根本没有。

有关数据库的简要信息:它在IIS7上运行,是SQL Server 2008,并且启用了PHP(版本5.3)。不幸的是,我有非常有限的能力直接或从控制面板更新数据库(否​​则这将被迅速处理)所以我在PHP中编写此脚本以自动更新受损表。此表单中的脚本运行时没有错误,但是我在text或ntext字段中没有任何更新。

脚本如下:

//Basic DB Connection
$conn = database_info;
$sql = "SELECT * FROM pages_test_only";  
$result = sqlsrv_query($conn, $sql);

//Loop to scrub each table
foreach(sqlsrv_field_metadata($result) as $fieldMetadata) 
{
    //The loop here updates each section of spam (starting with </title>) with "" (empty/null)
    //and leaves other content intact.  The double quotes in the spam are escaped (\").

    //Text update - if the field type is 'text'
    if ($fieldMetadata['Type'] == -1) 
    { 
    $sqlupdate = "UPDATE pages_test_only SET ".$fieldMetadata['Name']." = CAST(REPLACE(CAST(".$fieldMetadata['Name']." as nvarchar(6000)), '</title><div style=\"display:block; text-indent:-5670px;\"><a href=\"http://buy-cialis-onlineusa.com\">generic cialis</a></div>', '') AS text";
    }
    //Ntext update - if the field type is 'ntext'
    elseif ($fieldMetadata['Type'] == -10) 
    { 
    $sqlupdate = "UPDATE pages_test_only SET ".$fieldMetadata['Name']." = CAST(REPLACE(CAST(".$fieldMetadata['Name']." as nvarchar(6000)), '</title><div style=\"display:block; text-indent:-5670px;\"><a href=\"http://buy-cialis-onlineusa.com\">generic cialis</a></div>', '') AS ntext";
    }
    //Any other update - if the field contains the spam, but is of any other type [this is working]
    else
    {
    $sqlupdate = "UPDATE pages_test_only SET ".$fieldMetadata['Name']." = REPLACE(".$fieldMetadata['Name'].", '</title><div style=\"display:block; text-indent:-5670px;\"><a href=\"http://buy-cialis-onlineusa.com\">generic cialis</a></div>', '')";
    }

    //Send to DB
    $res = sqlsrv_query($conn, $sqlupdate);

}

我知道永久地将text和ntext字段转换为nvarchar是理想的,但是出于这些目的,我需要表结构在脚本完成时保持原样。

此外,如果您知道一种方法来提取列元数据而无需在SQL Server 2008中选择所有内容,我将非常感谢这些信息,因为它将加快我对实际表的查询。

请让我知道您看到的问题,并再次非常感谢您的时间。

修改

虽然主要问题仍然存在,但我只能使用此查询输入字段名称和类型:

$sql = "SELECT COLUMN_NAME, DATA_TYPE FROM information_schema.columns WHERE TABLE_NAME = 'pages_test_only'";
$result = sqlsrv_query($conn, $sql);

它在while循环中应用:

while($row = sqlsrv_fetch_array($result)){
    echo $row['COLUMN_NAME']."<br />";
    echo $row['DATA_TYPE']."<br />";

    //update - text type
    if ($row['DATA_TYPE'] == 'text') 
    { 
    echo "This column is a text column.<br />";
    $sqlupdate = "UPDATE pages_test_only SET ".$row['COLUMN_NAME']." = CAST(REPLACE(CAST(".$row['COLUMN_NAME']." as nvarchar(1000)), '</title><div style=\"display:block; text-indent:-5670px;\"><a href=\"http://buy-cialis-onlineusa.com\">generic cialis</a></div>', 'test') AS text";
    }
    //update - ntext type 
    elseif ($row['DATA_TYPE'] == 'ntext') 
    { 
    echo "This column is a ntext column.<br />";
    $sqlupdate = "UPDATE pages_test_only SET ".$row['COLUMN_NAME']." = CAST(REPLACE(CAST(".$row['COLUMN_NAME']." as nvarchar(1000)), '</title><div style=\"display:block; text-indent:-5670px;\"><a href=\"http://buy-cialis-onlineusa.com\">generic cialis</a></div>', 'test') AS ntext";
    }
    //update - any other type
    else
    {
    $sqlupdate = "UPDATE pages_test_only SET ".$row['COLUMN_NAME']." = REPLACE(".$row['COLUMN_NAME'].", '</title><div style=\"display:block; text-indent:-5670px;\"><a href=\"http://buy-cialis-onlineusa.com\">generic cialis</a></div>', 'test')";
    }
$res = sqlsrv_query($conn, $sqlupdate);
}

1 个答案:

答案 0 :(得分:0)

我有点尴尬,但我遇到的问题是语法问题。我在每个SQL语句的末尾都忘记了一个括号。话虽如此,这里是 最终的,更新的工作集:

//basic connection information
$serverName = "dbhost.etc"; //serverName\instanceName
$connectionInfo = array( "Database"=>"db_name", "UID"=>"db_user", "PWD"=>"db_pass");
$conn = sqlsrv_connect( $serverName, $connectionInfo);

//connection check
if( $conn ) 
{
 echo "Connection established.<br /><br />";
}
else
{
 echo "Connection could not be established.<br />";
 die( print_r( sqlsrv_errors(), true));
}

//this selects ONLY the column name and type from the table
$sql = "SELECT COLUMN_NAME, DATA_TYPE FROM information_schema.columns WHERE TABLE_NAME = 'table_name'";
$result = sqlsrv_query($conn, $sql);

//a loop is set up for each column that checks for data type and casts/updates accordingly
while($row = sqlsrv_fetch_array($result))
{

    //update - text type
    if ($row['DATA_TYPE'] == 'text') 
    { 
    $sqlupdate = "UPDATE table_name SET ".$row['COLUMN_NAME']." = CAST(REPLACE(CAST(".$row['COLUMN_NAME']." as nvarchar(max)), 'string', 'replacement') AS text)";
    }
    //update - ntext type 
    elseif ($row['DATA_TYPE'] == 'ntext') 
    { 
    $sqlupdate = "UPDATE table_name SET ".$row['COLUMN_NAME']." = CAST(REPLACE(CAST(".$row['COLUMN_NAME']." as nvarchar(max)), 'string', 'replacement') AS ntext)";
    }
    //update - any other type
    else
    {
    $sqlupdate = "UPDATE table_name SET ".$row['COLUMN_NAME']." = REPLACE(".$row['COLUMN_NAME'].", 'string', 'replacement')";
    }


    $res = sqlsrv_query($conn, $sqlupdate);

}
相关问题
最新问题