If there are a lot of SQL statements in the Apache logs, there's most probably someone running blind SQL injection attacks against one of the local websites. Above all one has to make shure, scripts are not vulnerable to such attacks, but often attackers exploit bugs that can't be easily fixed.

To block most of this kind of hacking attempts, one can use the following mod_rewrite rule in .htaccess:

RewriteEngine On

RewriteCond %{QUERY_STRING} [^a-z](cast|char|convert|declare|delete|drop|exec|insert|meta|script|select|set|truncate|update)[^a-z] [NC]
RewriteRule (.*) - [F]

Care has to be taken, not to use any of these keywords in the script's parameters.