Thank you for confirming that. I can use multiple rewriteconds to catch SQL injection without tripping on legitimate words like selection in URLs So, for example
RewriteCond select [NC]
RewriteCond union [NC]
RewirteCond else [NC[
RewriteRule ^(.*)$ - [F,L]
would reject any sql injection attempt that uses select AND union AND else but would not match on select only