Re: [PATCH] Blocking those pesky hackers
Agreed about the point of having a legitimate value in the query for "declare". Although probably a rare chance, it could happen.
I thought of redirect simply for the chance that it was a human injecting the code, and not a hacked computer out probing every site it could. If it were a person that tried it, and it just appeared to ignore them, then they might be more likely to give up and not try refreshing the page a hundred times looking for results.
Have you deobfuscated the query? From what I can gather, it basically tries to run a script (possibly located elsewhere such as the origination of the attack) against the database.
Do you have a better or cleaner way to avert this type of attempt?
__________________
X-Cart Gold 4.6.3
Codero dedicated server