php - SQL Server Update & Replace Spam in "text" and "ntext" fields -

-

first , foremost, thank time taking @ issue.

an old database table has on 14k spam links injected it, many of in text , ntext fields. have written sql query runs , updates fields not "text" or "ntext" type, unfortunately not update "text" or "ntext" fields @ all.

brief information database: running on iis7, sql server 2008, , php enabled (version 5.3). unfortunately have limited capability update database directly or control panel (otherwise have been handled swiftly) writing script in php automatically update compromised tables. script in form runs without error, not have updates in text or ntext fields.

the script follows:

//basic db connection $conn = database_info; $sql = "select * pages_test_only";   $result = sqlsrv_query($conn, $sql);  //loop scrub each table foreach(sqlsrv_field_metadata($result) $fieldmetadata)  {     //the loop here updates each section of spam (starting </title>) "" (empty/null)     //and leaves other content intact.  double quotes in spam escaped (\").      //text update - if field type 'text'     if ($fieldmetadata['type'] == -1)      {      $sqlupdate = "update pages_test_only set ".$fieldmetadata['name']." = cast(replace(cast(".$fieldmetadata['name']." nvarchar(6000)), '</title><div style=\"display:block; text-indent:-5670px;\"><a href=\"http://buy-cialis-onlineusa.com\">generic cialis</a></div>', '') text";     }     //ntext update - if field type 'ntext'     elseif ($fieldmetadata['type'] == -10)      {      $sqlupdate = "update pages_test_only set ".$fieldmetadata['name']." = cast(replace(cast(".$fieldmetadata['name']." nvarchar(6000)), '</title><div style=\"display:block; text-indent:-5670px;\"><a href=\"http://buy-cialis-onlineusa.com\">generic cialis</a></div>', '') ntext";     }     //any other update - if field contains spam, of other type [this working]     else     {     $sqlupdate = "update pages_test_only set ".$fieldmetadata['name']." = replace(".$fieldmetadata['name'].", '</title><div style=\"display:block; text-indent:-5670px;\"><a href=\"http://buy-cialis-onlineusa.com\">generic cialis</a></div>', '')";     }      //send db     $res = sqlsrv_query($conn, $sqlupdate);  }

i aware converting text , ntext fields nvarchar permanently ideal, these purposes need table structure remain when script completes.

additionally, if know of way pull in column metadata without having select in sql server 2008, appreciate information speed query actual table.

please let me know issues see, , again thank time.

edit:

while major issue still exists, able pull in field name , type query:

$sql = "select column_name, data_type information_schema.columns table_name = 'pages_test_only'"; $result = sqlsrv_query($conn, $sql);

it applied in while loop:

while($row = sqlsrv_fetch_array($result)){     echo $row['column_name']."<br />";     echo $row['data_type']."<br />";      //update - text type     if ($row['data_type'] == 'text')      {      echo "this column text column.<br />";     $sqlupdate = "update pages_test_only set ".$row['column_name']." = cast(replace(cast(".$row['column_name']." nvarchar(1000)), '</title><div style=\"display:block; text-indent:-5670px;\"><a href=\"http://buy-cialis-onlineusa.com\">generic cialis</a></div>', 'test') text";     }     //update - ntext type      elseif ($row['data_type'] == 'ntext')      {      echo "this column ntext column.<br />";     $sqlupdate = "update pages_test_only set ".$row['column_name']." = cast(replace(cast(".$row['column_name']." nvarchar(1000)), '</title><div style=\"display:block; text-indent:-5670px;\"><a href=\"http://buy-cialis-onlineusa.com\">generic cialis</a></div>', 'test') ntext";     }     //update - other type     else     {     $sqlupdate = "update pages_test_only set ".$row['column_name']." = replace(".$row['column_name'].", '</title><div style=\"display:block; text-indent:-5670px;\"><a href=\"http://buy-cialis-onlineusa.com\">generic cialis</a></div>', 'test')";     } $res = sqlsrv_query($conn, $sqlupdate); }

i'm bit embarrassed, issue having syntax. forgot parenthesis on end of each sql statement. being said, here final, working set of updates:

//basic connection information $servername = "dbhost.etc"; //servername\instancename $connectioninfo = array( "database"=>"db_name", "uid"=>"db_user", "pwd"=>"db_pass"); $conn = sqlsrv_connect( $servername, $connectioninfo);  //connection check if( $conn )  {  echo "connection established.<br /><br />"; } else {  echo "connection not established.<br />";  die( print_r( sqlsrv_errors(), true)); }  //this selects column name , type table $sql = "select column_name, data_type information_schema.columns table_name = 'table_name'"; $result = sqlsrv_query($conn, $sql);  //a loop set each column checks data type , casts/updates accordingly while($row = sqlsrv_fetch_array($result)) {      //update - text type     if ($row['data_type'] == 'text')      {      $sqlupdate = "update table_name set ".$row['column_name']." = cast(replace(cast(".$row['column_name']." nvarchar(max)), 'string', 'replacement') text)";     }     //update - ntext type      elseif ($row['data_type'] == 'ntext')      {      $sqlupdate = "update table_name set ".$row['column_name']." = cast(replace(cast(".$row['column_name']." nvarchar(max)), 'string', 'replacement') ntext)";     }     //update - other type     else     {     $sqlupdate = "update table_name set ".$row['column_name']." = replace(".$row['column_name'].", 'string', 'replacement')";     }       $res = sqlsrv_query($conn, $sqlupdate);  }

Comments

Post a Comment

Popular posts from this blog

c - How to retrieve a variable from the Apache configuration inside the module? -

-
i'm building custom apache module. how retrieve variable apache configuration inside module? see variable "some_var_config_from_apache_or_htaacess" inside apache module: /* source: http://people.apache.org/~humbedooh/mods/examples/mod_example_1.c */ /* include required headers httpd */ #include "httpd.h" #include "http_core.h" #include "http_protocol.h" #include "http_request.h" static void register_hooks(apr_pool_t *pool); static int example_handler(request_rec *r); /* define our module entity , assign function registering hooks */ module ap_module_declare_data example_module = { standard20_module_stuff, null, // per-directory configuration handler null, // merge handler per-directory configurations null, // per-server configuration handler null, // merge handler per-server configurations null, // directives may have httpd register_hoo
Read more

c# - Constructor arguments cannot be passed for interface mocks -

-
when debug code , read line mocklessonplannerafactory creation error: constructor arguments cannot passed interface mocks. var mockschoolclasscodeservice = new mock<ischoolclasscodeservice>(); var mockdateservice = new mock<idateservice>(); var mocklessonplannerafactory = new mock<ilessonplannerafactory>(mockdateservice.object); var mocklessonplannerbfactory = new mock<ilessonplannerbfactory>(mockdateservice.object); var service = new timetableservice(mockunitofwork.object, mocklessonplannerafactory.object, mocklessonplannerbfactory.object, mockschoolclasscodeservice.object); my timetableservice accepts instances of interface type only. mocklessonplannerafactory , bfactory... want in constructor idateservice passed. what wrong code? the clue in error message "constructor arguments cannot passed interface mocks." the mock created interface have default constructor because interfaces don't have constructor. remember mockin
Read more

python - malformed header from script index.py Bad header -

-
i want run python code in apache2(ubuntu 14.04) server. have followed these steps , getting error: step 1: configuration 1: have created directory , file under /var/www/cgi-bin configuration 2 : have edited /etc/apache2/sites-available/000-default.conf alias /cgi-bin /var/www/cgi-bin <directory "/var/www/cgi-bin"> options indexes followsymlinks execcgi addhandler cgi-script .cgi .py allow </directory> <directory /var/www/cgi-bin> options </directory> step 2: and python script is: index.py #!/usr/bin/env python import cgi; import cgitb;cgitb.enable() print "content-type: text/plain\n" print "<b>hello python</b>" step 3: when ran through chrome browser using: url : http://localhost/cgi-bin/index.py step 4: i getting error in error-log malformed header script 'index.py': bad header: hello python you should end header \r\n, must print out yet \r\n signal body coming. (i
Read more