I had my suspicions, but decided to get a second opinion. Turns out I was right. This is something called an SQL injection.
From w3schools.com
SQL injection is a code injection technique that might destroy your database.
SQL injection is one of the most common web hacking techniques.
SQL injection is the placement of malicious code in SQL statements, via web page input.
Basically, someone was trying to screw with the data from our sextortion forms. It appears someone(s) really doesn't like what we do. That's fine though. It shows that what we're doing is causing them enough grief to attempt to shut us down. It actually supports what I say in the new presentation I'm working on. Messing with scammers by baiting them does nothing but inconvenience them. Where the REAL damage comes is by getting the information we obtain and posting it into the public domain. This and the previous DDoS attempt we had against us earlier this month show this to be true. After all, why else would they be doing this if not to try and destroy that posted data that's making it harder for them to operate? We'll deal with the scammers trying to shut us down, but we need MORE data posted. Everything posted up here makes it harder for the scammers and that's exactly what we want.