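In the database

Time: 2017-09-12 21:57:56

Tags: sql-server search

I found some SQL code on this site that searches all tables for a string and returns the results without needing elevated privileges, which matters because of restrictions in our environment. It runs without creating a stored procedure or a table, and seems to work fine. However, the table and column names are not returned the way I see them in Microsoft SQL Server Management Studio, and I can't determine which tables and columns this actually refers to.

One row of the results looks like the following (note: the query returns thousands of rows, depending on the search string). Any help is appreciated.

Results: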

ColumnName                      ColumnValue
--------------------------------------------
[dbo].[T1005].[C303497400]      NES Echelon

These results relate to:

ColumnName                                      ColumnValue
-------------------------------------------------------------    
[dbo].[AST_Application].[Application_Name]      NES Echelon

Code:

    -- String to look for in every searchable column
    DECLARE @SearchStr nvarchar(100) = 'SEARCH_TEXT'
    -- A table variable holds the hits, so no permanent table or stored procedure is created
    DECLARE @Results TABLE (ColumnName nvarchar(370), ColumnValue nvarchar(3630))

    SET NOCOUNT ON

    DECLARE @TableName nvarchar(256), @ColumnName nvarchar(128), @SearchStr2 nvarchar(110)
    SET @TableName = ''
    -- Wrap the LIKE pattern in single quotes (embedded quotes are doubled) for the dynamic SQL
    SET @SearchStr2 = QUOTENAME('%' + @SearchStr + '%', '''')

    -- Outer loop: walk the user base tables in name order
    WHILE @TableName IS NOT NULL
    BEGIN
        SET @ColumnName = ''
        SET @TableName =
        (
            SELECT MIN(QUOTENAME(TABLE_SCHEMA) + '.' + QUOTENAME(TABLE_NAME))
            FROM INFORMATION_SCHEMA.TABLES
            WHERE TABLE_TYPE = 'BASE TABLE'
              AND QUOTENAME(TABLE_SCHEMA) + '.' + QUOTENAME(TABLE_NAME) > @TableName
              AND OBJECTPROPERTY(
                      OBJECT_ID(QUOTENAME(TABLE_SCHEMA) + '.' + QUOTENAME(TABLE_NAME)),
                      'IsMSShipped'
                  ) = 0
        )

        -- Inner loop: walk the searchable columns of the current table in name order
        WHILE (@TableName IS NOT NULL) AND (@ColumnName IS NOT NULL)
        BEGIN
            SET @ColumnName =
            (
                SELECT MIN(QUOTENAME(COLUMN_NAME))
                FROM INFORMATION_SCHEMA.COLUMNS
                WHERE TABLE_SCHEMA = PARSENAME(@TableName, 2)
                  AND TABLE_NAME = PARSENAME(@TableName, 1)
                  AND DATA_TYPE IN ('char', 'varchar', 'nchar', 'nvarchar', 'int', 'decimal')
                  AND QUOTENAME(COLUMN_NAME) > @ColumnName
            )

            IF @ColumnName IS NOT NULL
            BEGIN
                -- Table and column names are already bracket-quoted by QUOTENAME above
                INSERT INTO @Results
                EXEC
                (
                    'SELECT ''' + @TableName + '.' + @ColumnName + ''', LEFT(' + @ColumnName + ', 3630)
                    FROM ' + @TableName + ' (NOLOCK) ' +
                    ' WHERE ' + @ColumnName + ' LIKE ' + @SearchStr2
                )
            END
        END
    END

    SELECT ColumnName, ColumnValue FROM @Results

0 answers:

No answers