This work focused on how to recover a database after it is attacked by a set of malicious transactions that corrupt data. Attack recovery has two aspects: damage assessment and repair. Using checkpoints is simple, but it can sacrifice a lot of good work. If we can stop the database server to do attack recovery, then a technique similar to cascading abort can work. However, since many critical database servers need to be 24*7 available and temporarily making the database shut down can be the real goal of the attacker, on-the-fly attack recovery which never stops the database is necessary in many cases. However, on-the-fly attack recovery faces several unique challenges (compared with traditional database recovery): (1) we need to do repair forwardly; (2) cleaned data objects could be re-damaged during attack recovery; (3) the attack recovery may never terminate in some cases. We have developed both syntact and semantics based attack recovery algorithms. Our syntact-based framework successfully addresses these three challenges. Our semantics-based approach is (in most cases) strictly better than commutativity based repair.