You would with that, because it strips all of them...
You have a few options:
1.) Change the .htaccess Query_String pattern from . (dot) to a more definite matching pattern, so it checks to see if the Query_String is valid and if the Query_String does not match the pattern, remove it.
(Your script would have to be adjusted to work correctly, and it depends on what your Query_Strings are, but you could add a 'start' or 'end' pattern to all variables allowed to be passed in a Valid Query_String. EG var=abc or var=bca could both be valid now, but could be changed to be var=Aabc and var=Abca, then you could use Mod_Rewrite to check for A @ the beginning of each var= and if it's not there, you know it's spoofed.)
2.) If you only allow Query_Strings on certain pages, check them for a proper match of the pattern you use, then strip the Query_String from the rest.
3.) Remove the rule from the .htaccess file, and move the removal process to PHP. Then in the PHP check for an 'exact match' of allowed Query_Strings generated and if the Query_String is not valid, strip it or return a 404 error.
There's some other things you can do using a combination of the above or by expanding on them a bit, but I hope this give you some ideas.