declare @delStr nvarchar(500)set @delStr=''----这边修改被注入的jsset nocount ondeclare @tableName nvarchar(100),@columnName nvarchar(100),@tbID int,@iRow int,@iResult intdeclare @sql nvarchar(500)set @iResult=0declare cur cursor forselect name,id from sysobjects where xtype='U'open curfetch next from cur into @tableName,@tbIDwhile @@fetch_status=0begin   declare cur1 cursor for        --xtype in (231,167,239,175) 为char,varchar,nchar,nvarchar类型        select name from syscolumns where xtype in (231,167,239,175) and id=@tbID   open cur1   fetch next from cur1 into @columnName   while @@fetch_status=0   begin      begin try         set @sql='update [' + @tableName + '] set ['+ @columnName +']= replace(['+@columnName+'],'''+@delStr+''','''') where ['+@columnName+'] like ''%'+@delStr+'%'''                   exec sp_executesql @sql               set @iRow=@@rowcount         set @iResult=@iResult+@iRow         if @iRow>0          begin            print '表：[' + @tableName + '],列:'+@columnName+'被更新'+convert(varchar(10),@iRow)+'条记录;'         end            end try       begin catch      end catch      fetch next from cur1 into @columnName   end   close cur1   deallocate cur1      fetch next from cur into @tableName,@tbIDendprint '数据库共有'+convert(varchar(10),@iResult)+'条记录被更新!!!'close curdeallocate curset nocount off