Question

I was just wondering: if you limit the user to only being able to input letters and numbers, would that fully protect you against injection?


Solution

That depends on how you define letters and numbers. There are certain Unicode characters that can result in SQL injection. This is sometimes called SQL Smuggling.

There are cases of SQL Injections leveraging the implicit conversion of Unicode homoglyphs from Unicode character string types (NCHAR, NVARCHAR) to character string types (CHAR, VARCHAR). A character such as ʼ (U+02BC) in NVARCHAR may slip through the escaping routine and get translated to ' (U+0027) in VARCHAR, which may result in an SQL Injection when such a string is used to build an SQL statement dynamically.

However, your validation is pretty strict (only characters from the Basic Latin Unicode block and Unicode whitespace characters) and I can’t think of any case where this would fail.

https://security.stackexchange.com/a/54958

Having said that, prepared statements / parameterized queries offer the best protection against SQL injection. If the allowable character set is expanded through a requirements change years down the road, the person doing the change may be unaware of the security implications of allowing additional characters.
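As an added illustration of the point above (example code written for this page, not part of the original answer): a Unicode-aware "letters and numbers only" check accepts U+02BC because Unicode classifies it as a letter, an ASCII-pinned check rejects it, and a parameterized query returns correct results whatever the input contains. The NVARCHAR-to-VARCHAR collapse itself is a database-side conversion and is not reproduced here; the table, usernames and the sqlite3 backend are constructed for the demo.

```python
import re
import sqlite3
import unicodedata

# Constructed sample: "abc" followed by U+02BC MODIFIER LETTER APOSTROPHE,
# the homoglyph named in the answer above. Unicode files it under general
# category Lm (Letter, modifier), so category-based "letter" checks accept it.
SMUGGLED = "abc\u02bc"

def unicode_category(ch: str) -> str:
    """Why the homoglyph passes: its general category is 'Lm', a letter."""
    return unicodedata.category(ch)

def is_alnum_unicode(s: str) -> bool:
    """'Letters and numbers only' as it is often written. str.isalnum()
    follows Unicode categories, so U+02BC is treated as a letter and passes."""
    return s != "" and s.isalnum()

def is_alnum_ascii(s: str) -> bool:
    """Same intent, pinned to the Basic Latin block the answer describes:
    only A-Z, a-z and 0-9 are accepted, so U+02BC is rejected."""
    return re.fullmatch(r"[A-Za-z0-9]+", s) is not None

def lookup_user(conn: sqlite3.Connection, username: str) -> list:
    """Parameterized query: the driver binds `username` as data, so no
    character in it is ever parsed as SQL syntax, regardless of which
    validator (if any) sits in front of it."""
    cur = conn.execute(
        "SELECT id, username FROM users WHERE username = ?", (username,)
    )
    return cur.fetchall()

def demo_db() -> sqlite3.Connection:
    """Constructed in-memory table; the second user's name carries the homoglyph."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany(
        "INSERT INTO users (username) VALUES (?)", [("alice",), (SMUGGLED,)]
    )
    return conn

if __name__ == "__main__":
    print(unicode_category("\u02bc"))                              # Lm
    print(is_alnum_unicode(SMUGGLED), is_alnum_ascii(SMUGGLED))    # True False
    conn = demo_db()
    print(lookup_user(conn, SMUGGLED))                             # [(2, 'abcʼ')]
    print(lookup_user(conn, "abc'"))                               # []
```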

OTHER TIPS

For MySQL you can escape your string using mysql_real_escape_string() or so. Actually, if there is only something that contains letters (A-Z) and digits (0-9) then it is okay. But the point is to have the right filter for each variable you are receiving from the user.

  1. It makes no sense.
  2. It is useless.

Even if it worked it would be useless and wrong.

Dynamic SQL building should never be connected to user input and its validation. There are rules of safe SQL creation already. They work for ANY data, not only an artificially limited subset.

In a sanely designed application, the data storage layer should be separated from user input processing. And it should be able to process any data, regardless of its source or the developer's whims.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow