Welcome to WebmasterWorld Guest from 107.23.37.199

Forum Moderators: open

Message Too Old, No Replies

Remove text from DB in phpMyAdmin

     
8:15 am on Sep 17, 2016 (gmt 0)

Junior Member

10+ Year Member Top Contributors Of The Month

joined:July 4, 2007
posts: 193
votes: 0


My site has been hacked and I've found the script that they've inserted into a load of tables in my DB. However, when I try to remove the text I get an error.

I need to remove this text:

<script type='text/javascript' src='//thisisthewebsite?tid=79479_131506_0&tagid=2'></script><script type="text/javascript" src="//thisisthewebsite.php?zoneid=683723"></script>


But when I run the following

UPDATE wp_posts SET post_content = REPLACE ( post_content, '<script type='text/javascript' src='//thisisthewebsite?tid=79479_131506_0&tagid=2'></script><script type="text/javascript" src="//thisisthewebsite.php?zoneid=683723"></script> ', '' );


I get the following error:

There seems to be an error in your SQL query. The MySQL server error output below, if there is any, may also help you in diagnosing the problem.

ERROR: Unknown Punctuation String @ 106
STR: //
SQL: UPDATE hei8ty6_posts SET post_content = REPLACE ( post_content, ''<script type='text/javascript' src='//thisisthewebsite?tid=79479_131506_0&tagid=2'></script><script type="text/javascript" src="//thisisthewebsite.php?zoneid=683723"></script> ' ', '' )

SQL query:

UPDATE hei8ty6_posts SET post_content = REPLACE ( post_content, ''<script type='text/javascript' src='//thisisthewebsite?tid=79479_131506_0&tagid=2'></script><script type="text/javascript" src="//thisisthewebsite.php?zoneid=683723"></script> ' ', '' )

MySQL said: Documentation

#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'type=''text/javascript'' src=''//thisisthewebsite?tid=79479_131506_0' at line 1


I'm presuming it's because there's a lot of apostrophes, quote marks, slashes etc but don't know how to resolve this. I've only ever had to remove basic text strings using this method before.

Thanks in advance for any help.
8:58 am on Sept 17, 2016 (gmt 0)

Senior Member from KZ 

WebmasterWorld Senior Member lammert is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 10, 2005
posts: 2951
votes: 33


The single quote ' is interpreted as an SQL special character. Use two concatenated single quotes if you want to represent the quote character inside a string. More about string literals can be found here: [dev.mysql.com...]
11:40 am on Sept 17, 2016 (gmt 0)

Junior Member

10+ Year Member Top Contributors Of The Month

joined:July 4, 2007
posts: 193
votes: 0


Thanks for this. So in this situation would I write it as:

UPDATE wp_posts SET post_content = REPLACE ( post_content, '''<script type='text/javascript' src='//thisisthewebsite?tid=79479_131506_0&tagid=2'></script><script type="text/javascript" src="//thisisthewebsite.php?zoneid=683723"></script> ''', '' );
2:36 pm on Sept 19, 2016 (gmt 0)

Senior Member from KZ 

WebmasterWorld Senior Member lammert is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 10, 2005
posts: 2951
votes: 33


You still have single quotes around some text/javascript blocks. I think it should be something like
UPDATE wp_posts SET post_content = REPLACE ( post_content, '<script type=''text/javascript'' src=''//thisisthewebsite?tid=79479_131506_0&tagid=2''></script><script type="text/javascript" src="//thisisthewebsite.php?zoneid=683723"></script>', '' )
It is a little bit confusing that the first <script> declaration uses single quotes, and the second double quotes.
4:59 pm on Sept 19, 2016 (gmt 0)

Senior Member

WebmasterWorld Senior Member topr8 is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 19, 2002
posts:3479
votes: 76


please note: that unless you fix the way you were hacked, it is only a matter of time before it happens again. also with these injection attacks you can be attacked multiple times, it appends the code to the end of the field, so until the field space is used up, you could have several js blocks, one after the other, unless of course it actually replaces the field value altogether, then of course each successive hack merely overwrites the previous one.

with MySQL you can also use the \ character to escape quotes - which can be less confusing, as two single quotes can look just like a double quote, depending on the font you are using. I don't use phpMyAdmin, but don't see why it wouldn't work with the phpMyAdmin interface too.
hence something like:


UPDATE wp_posts SET post_content = REPLACE ( post_content, '<script type=\'text/javascript\' src=\'//thisisthewebsite?tid=79479_131506_0&tagid=2\'></script><script type="text/javascript" src="//thisisthewebsite.php?zoneid=683723"></script> ', '' );