Sanitizing a custom query’s clauses

I would suggest thinking about it this way: if I cannot sanitize the whole query (as you cannot; what does sanitized mean? Is DELETE or DROP a malicious or a wanted query? Your plugin would have to be able to determine the intended purpose of each query, and that is unreachable), you can predict its content.

Your apply_filter function can take 4 arguments, where the first is either AND or OR (you won’t include the argument straight, but you’ll check its value against a variable defined in your plugin and insert the value of that “yours” variable). The second argument is a string containing no semicolon, no =, and no quotes (you can str_replace them or reject on the basis of strpos); the next arg will be much the same as the first, but will check for =/!=/>/=/<=, and the last one will be the same as the second one.
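
The four-part check described above, sketched in plain PHP as an added example that is not part of the original answer. The function names, constants and operator set are hypothetical. It goes one step further than the answer: the column must match an identifier pattern, and the value is returned as a placeholder argument for `$wpdb->prepare()` instead of being concatenated.

```php
<?php
// Added example; every name here is hypothetical, not from the original answer.
const MYPLUGIN_CONJUNCTIONS = ['AND', 'OR'];
// Assumed operator set; trim it to what the plugin actually supports.
const MYPLUGIN_OPERATORS = ['=', '!=', '>', '>=', '<', '<='];

/** True when $s is empty or contains a semicolon, equals sign or quote. */
function myplugin_has_forbidden_chars(string $s): bool
{
    return $s === '' || strpbrk($s, ";='\"`") !== false;
}

/**
 * Validates the four parts a filter callback returned.
 * Returns ['sql' => ' AND `col` > %s', 'args' => [value]] or null on rejection.
 */
function myplugin_build_clause(array $parts): ?array
{
    $parts = array_values($parts);
    if (count($parts) !== 4 || array_filter($parts, 'is_string') !== $parts) {
        return null;
    }
    [$conj, $column, $op, $value] = $parts;

    // Parts 1 and 3: look the input up and emit the plugin's own constant.
    $ci = array_search(strtoupper(trim($conj)), MYPLUGIN_CONJUNCTIONS, true);
    $oi = array_search(trim($op), MYPLUGIN_OPERATORS, true);
    if ($ci === false || $oi === false) {
        return null;
    }
    // Part 2: identifier pattern (stricter than the character check alone,
    // which would still let spaces, parentheses and comment markers through).
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/D', $column)) {
        return null;
    }
    // Part 4: the answer's character check, then bound as a placeholder.
    if (myplugin_has_forbidden_chars($value)) {
        return null;
    }
    $sql = sprintf(' %s `%s` %s %%s', MYPLUGIN_CONJUNCTIONS[$ci], $column, MYPLUGIN_OPERATORS[$oi]);
    return ['sql' => $sql, 'args' => [$value]];
}

// Constructed sample inputs.
var_dump(myplugin_build_clause(['and', 'post_views', '>', '100']));       // well-formed parts
var_dump(myplugin_build_clause(['AND', 'id', '>', "1'; DROP TABLE x"]));  // quote and semicolon in value
var_dump(myplugin_build_clause(['AND', 'id) OR (1', '<', '1']));          // parenthesis in column
```

In a plugin, the four parts would come from the filter callback's return value, and the caller would append `$clause['sql']` to its base query and pass `$clause['args']` to `$wpdb->prepare()`.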