Since I last wrote about a SQL Injection Attach that one of my sites received I took measures to prevent it and now reject a URL with @(cast in it immediately and don't process it any further. This has worked well over the last year and a half and no further attacks of that type have made it into the logs.
I have now started to see URL requests with the following pattern:
The significant part comes after the =3:
No idea what they're trying to achieve with this...