The invention relates to the technical field of information security and provides a method and system for detecting sensitive information in a database. The method comprises the steps of scanning a system view of the database to acquire all user tables, extracting a part of the data from each field of each user table as a sample, and analysing and matching the samples to determine whether sensitive information is present. The system comprises a system table, a scanning module, a judgment module and a display module, wherein the scanning module is connected with the database, and the judgment module is connected with a sensitive information feature base, the scanning module and the display module. The method and system are based on a regular-expression feature base: by scanning and matching the user data in the database against the feature base, the locations of sensitive information such as mobile phone numbers, bank card numbers, ID numbers and e-mail addresses can be found and a detailed scanning report provided, so that a database administrator can apply targeted protection and auditing.
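The scan-sample-match procedure described above, as an added illustration that is not part of the patent or any implementation of it: the catalogue query uses SQLite's `sqlite_master` as the "system view", the regular-expression feature base is a constructed, deliberately loose set of patterns (`FEATURE_BASE`, with the 80% hit threshold and all table contents being assumptions of this example), and a column is reported when most of its sampled values match one pattern.

```python
import re
import sqlite3

# Constructed regular-expression feature base (illustrative, loosely specified).
# id_number is listed before bank_card because an 18-digit value matches both.
FEATURE_BASE = {
    "email": re.compile(r"^[\w.+-]+@[\w-]+\.[\w.-]+$"),
    "mobile_phone": re.compile(r"^1[3-9]\d{9}$"),   # 11-digit mobile number format
    "id_number": re.compile(r"^\d{17}[\dXx]$"),      # 18-character ID number format
    "bank_card": re.compile(r"^\d{16,19}$"),
}

def list_user_tables(conn):
    """Scan the system view (sqlite_master here) and return all user tables."""
    rows = conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")
    return [r[0] for r in rows]

def sample_columns(conn, table, limit=100):
    """Extract up to `limit` non-null values from each field of one user table.
    Identifiers come from the catalogue, not from user input, and are quoted."""
    cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
    samples = {}
    for col in cols:
        rows = conn.execute(
            f'SELECT "{col}" FROM "{table}" WHERE "{col}" IS NOT NULL LIMIT ?', (limit,))
        samples[col] = [str(r[0]).strip() for r in rows]
    return samples

def classify(values, threshold=0.8):
    """Match the samples against the feature base; return the first category
    whose pattern matches at least `threshold` of the sampled values, else None."""
    if not values:
        return None
    for name, pattern in FEATURE_BASE.items():
        hits = sum(1 for v in values if pattern.match(v))
        if hits / len(values) >= threshold:
            return name
    return None

def scan_database(conn, limit=100):
    """Produce the scan report as (table, column, category, sample_count) tuples."""
    findings = []
    for table in list_user_tables(conn):
        for col, values in sample_columns(conn, table, limit).items():
            category = classify(values)
            if category:
                findings.append((table, col, category, len(values)))
    return findings

def build_demo_db():
    """Constructed in-memory sample database (all values are made up)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (id INTEGER, email TEXT, phone TEXT, note TEXT);
        INSERT INTO customers VALUES (1, 'alice@example.com', '13800000001', 'vip');
        INSERT INTO customers VALUES (2, 'bob@example.org', '13900000002', 'new');
        INSERT INTO customers VALUES (3, 'carol@example.net', '15000000003', NULL);
        CREATE TABLE payments (id INTEGER, card TEXT, amount REAL);
        INSERT INTO payments VALUES (1, '6222000000000001', 9.5);
        INSERT INTO payments VALUES (2, '6222000000000002', 12.0);
    """)
    return conn
```

Running `scan_database(build_demo_db())` flags `customers.email`, `customers.phone` and `payments.card`, while `id`, `note` and `amount` produce no finding; the overlap between the ID-number and bank-card patterns shows why a real feature base needs ordering or checksum rules rather than bare length matches.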