OK, I did wonder what that was, it does appear from time to time and I think it’s people, not bots. I would have expected the closing quote to be followed by some kind of injection. But I suppose they are just testing first to see if it will work, before wasting time trying an injection, is that it?
I guess the preg replace takes care of that, stripping all but numbers, plus the sql account opening the database is read only.