Basically, the “?foo=bar&foo2=bar” thing is called a query string. The question mark symbol marks the beginning of the query string and the ampersand marks the beginning of a new parameter.
So in the case of the example “?foo=123&bar=456”, “foo” would contain “123” and “bar” would contain “456”.
I’d probably make some kind of whitelist allowing the use of the “text” parameter and blocking everything else.
FYI: My page rule example includes redirecting the ampersand, as it’s part of the search string containing the question mark symbol, but exceptions are not supported.