
Strange referers in Apache logfiles: empty string and what looks like MySQL code


This is an attack against internal infrastructure. Many organizations use centralized systems to ingest logs and then use reporting infrastructure to support querying logs. Developers are fairly bad at designing secure systems and the SQL in a Referer field is trying to take advantage of that.

Attackers can also try to store snippets in Referer fields and then make use of them in other types of attacks.

So long as you aren't using poorly crafted software to query logs you should be fine.

This — https://resources.infosecinstitute.com/sql-injection-http-headers/ — provides some further information.

Also, as noted in the comment, consider using webreadr to read in web server log files.

And, upon further review, this appears to be a campaign by an attacker group looking to compromise the "Ecshop" content management system (https://github.com/SecWiki/CMS-Hunter/tree/master/Ecshop/ecshop2.x_code_execute). If you are running that you may want to triple check your server.
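
The log-reporting risk described in the answer above, as an added example that is not part of the original answers: a constructed Apache combined-format line whose Referer contains SQL is loaded into a reporting table once by string concatenation and once with bound parameters. The `hits` table, the function names and the sample lines are assumptions made for illustration.

```python
import re
import sqlite3

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)

# Constructed sample lines (documentation IP range), not taken from the question.
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2018:13:55:36 +0000] "GET / HTTP/1.1" 200 512 "" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2018:13:55:37 +0000] "GET /user.php HTTP/1.1" 404 196 '
    '"x\', 200) -- " "Mozilla/5.0"',
]

def parse(line):
    """Return (ip, referer, status) from one combined-format line, or None."""
    m = COMBINED.match(line)
    return (m["ip"], m["referer"], int(m["status"])) if m else None

def new_db():
    # Hypothetical reporting table fed by the log-ingestion job.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE hits (ip TEXT, referer TEXT, status INTEGER)")
    return db

def ingest_unsafe(db, line):
    # Poorly crafted: the client-supplied header is pasted into the SQL text.
    ip, referer, status = parse(line)
    db.execute(f"INSERT INTO hits VALUES ('{ip}', '{referer}', {status})")

def ingest_safe(db, line):
    # Bound parameters: the header value is only ever treated as data.
    db.execute("INSERT INTO hits VALUES (?, ?, ?)", parse(line))

def stored(ingest):
    """Load SAMPLE with the given ingest function and return what was stored."""
    db = new_db()
    for line in SAMPLE:
        ingest(db, line)
    return db.execute("SELECT referer, status FROM hits ORDER BY rowid").fetchall()

if __name__ == "__main__":
    print("unsafe:", stored(ingest_unsafe))  # second row no longer matches the log line
    print("safe:  ", stored(ingest_safe))    # Referer stored verbatim, status still 404
```

With the concatenating loader the second row's referer and status differ from what Apache logged; with bound parameters the Referer is stored byte for byte and the empty Referer is just an empty string.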


This looks like a SQL injection attempt. The logs won't show if the SQL attempt is successful.

While this would normally show in a URL field, there's no reason it couldn't show up in an HTTP referrer field in your logs.