Cleaning Up SQL Injection Attack : b.js & preventing SQL Injection
My website was infected with the SQL injection, and I have tried to create a clean MS SQL database using the SPs.
I hope this will help you clean up your database and protect your website against SQL injection.
Please go to the link below and create them: http://codegroups.com/blog/index.php...on-attack-bjs/
Code:
create PROCEDURE FindReplace
(
@TABLE VARCHAR(200),
@Field VARCHAR(200),
@WHERE VARCHAR(100),
@Find VARCHAR(500),
@REPLACE VARCHAR(500)
)
AS
-- Builds and runs a dynamic UPDATE that rewrites one column of one table,
-- replacing every occurrence of @Find with @REPLACE.
DECLARE @query VARCHAR(8000)
SET @query = 'UPDATE ' + @TABLE +
' SET ' + @Field + '= REPLACE(CONVERT(varchar(8000),'
+ @Field + '),''' + @Find + ''',''' + @REPLACE + ''')'
-- Optional WHERE clause; pass '' to update every row.
IF(@WHERE <> '')
SET @query = @query + ' WHERE ' + @WHERE
EXECUTE (@query)
GO
Code:
create Procedure RemoveStringFinal
@FIND VARCHAR(500),
@REPLACE VARCHAR(500)
as
DECLARE @TABLE_NAME VARCHAR(500)
DECLARE @COLUMN_NAME VARCHAR(500)
DECLARE @DATA_TYPE VARCHAR(500)
-- Walk every column in the database and call FindReplace on the string-typed ones.
DECLARE db_cursor CURSOR FOR
select TABLE_NAME, COLUMN_NAME, DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS
OPEN db_cursor
FETCH NEXT FROM db_cursor INTO @TABLE_NAME, @COLUMN_NAME, @DATA_TYPE
WHILE @@FETCH_STATUS = 0
BEGIN
if @DATA_TYPE = 'varchar' or @DATA_TYPE = 'text' or @DATA_TYPE = 'ntext' or @DATA_TYPE = 'nvarchar'
begin
print @TABLE_NAME
print @COLUMN_NAME
print @DATA_TYPE
EXEC FindReplace @TABLE_NAME,@COLUMN_NAME,'',@FIND,@REPLACE
end
FETCH NEXT FROM db_cursor INTO @TABLE_NAME, @COLUMN_NAME, @DATA_TYPE
END
CLOSE db_cursor
DEALLOCATE db_cursor
GO
--EXEC FindReplace @TABLE_NAME,@COLUMN_NAME,'','<script src=http://www.en-us18.com/b.js></script>',' '
Two SPs are created for cleaning up the SQL-injected database:
1. SP FindReplace
2. SP RemoveStringFinal
Run both queries in Query Analyzer and then run:
Exec RemoveStringFinal '<script src=http://www.en-us18.com/b.js></script>',''
Enter your attack JS URL in the above SP and replace it with a blank string '', i.e. Exec RemoveStringFinal '<script src=http://www.en-us18.com/b.js></script>',''
If your data has the <script src=http://www.en-us18.com/b.js></script> string in your database, then run the above SP with Exec RemoveStringFinal '<script src=http://www.en-us18.com/b.js></script>',''
I will post soon about how to protect our database website against SQL injection.
SQL Injection Protection
Code:
<%
''' Code for pre
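An added example, not code from the original post or from the codegroups.com article: the poster's FindReplace concatenates @Find and @REPLACE straight into the UPDATE text, so the string being cleaned out is itself spliced into dynamic SQL. The variant below keeps the same idea but whitelists the table and column against INFORMATION_SCHEMA.COLUMNS, bracket-quotes them with QUOTENAME, and hands the search/replace strings to sp_executesql as typed parameters, so they can never become part of the statement. It also defaults to a dry run that only counts affected rows. The procedure name, the @DryRun switch and the sample table/column in the usage call are my own assumptions; it assumes SQL Server 2005 or later (NVARCHAR(MAX)).

```sql
-- Added example, not from the original post. Name and parameters are assumptions.
CREATE PROCEDURE dbo.FindReplaceSafe
(
    @Schema  sysname,
    @Table   sysname,
    @Column  sysname,
    @Find    NVARCHAR(4000),
    @Replace NVARCHAR(4000),
    @DryRun  BIT = 1            -- 1 = report matching rows only, 0 = update them
)
AS
BEGIN
    SET NOCOUNT ON;

    -- Identifiers cannot be parameterised, so they are checked against the
    -- catalog first; anything that is not a real string column is rejected.
    IF NOT EXISTS (
        SELECT 1
        FROM INFORMATION_SCHEMA.COLUMNS
        WHERE TABLE_SCHEMA = @Schema
          AND TABLE_NAME   = @Table
          AND COLUMN_NAME  = @Column
          AND DATA_TYPE IN ('varchar', 'nvarchar', 'text', 'ntext'))
    BEGIN
        RAISERROR('Unknown string column %s.%s.%s', 16, 1, @Schema, @Table, @Column);
        RETURN;
    END;

    -- Bracket-quote the whitelisted names so they are emitted as identifiers only.
    DECLARE @obj NVARCHAR(800) = QUOTENAME(@Schema) + N'.' + QUOTENAME(@Table);
    DECLARE @col NVARCHAR(258) = QUOTENAME(@Column);
    DECLARE @sql NVARCHAR(MAX);

    IF @DryRun = 1
        SET @sql = N'SELECT @hits = COUNT(*) FROM ' + @obj
                 + N' WHERE CHARINDEX(@find, CONVERT(NVARCHAR(MAX), ' + @col + N')) > 0;';
    ELSE
        SET @sql = N'UPDATE ' + @obj
                 + N' SET ' + @col + N' = REPLACE(CONVERT(NVARCHAR(MAX), ' + @col + N'), @find, @repl)'
                 + N' WHERE CHARINDEX(@find, CONVERT(NVARCHAR(MAX), ' + @col + N')) > 0;'
                 + N' SET @hits = @@ROWCOUNT;';

    DECLARE @hits INT;
    -- @find and @repl travel as parameters, never as concatenated literals,
    -- so a payload containing quotes or semicolons cannot alter the statement.
    EXEC sp_executesql @sql,
         N'@find NVARCHAR(4000), @repl NVARCHAR(4000), @hits INT OUTPUT',
         @find = @Find, @repl = @Replace, @hits = @hits OUTPUT;

    SELECT @Schema AS [schema], @Table AS [table], @Column AS [column],
           CASE WHEN @DryRun = 1 THEN 'would_change' ELSE 'changed' END AS mode,
           @hits AS rows_affected;
END;
GO

-- Usage (constructed sample table/column): first count, then clean.
EXEC dbo.FindReplaceSafe 'dbo', 'Articles', 'Body',
     N'<script src=http://www.en-us18.com/b.js></script>', N'', @DryRun = 1;
EXEC dbo.FindReplaceSafe 'dbo', 'Articles', 'Body',
     N'<script src=http://www.en-us18.com/b.js></script>', N'', @DryRun = 0;
```

Run the dry run across the columns RemoveStringFinal would visit and keep that list of counts; it tells you which tables were hit, and after the real pass the same query should return zero. Take a backup before the @DryRun = 0 pass, since REPLACE cannot be undone once committed.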