Jason pointed out a nice trick for this. You can get a count of the number of instances of a character using split and llength:
llength [split [HTTP::payload] &]
Or to be more exact, you'd want to subtract one:
% set str {name1=value1&name2=value2&name3=value3}
% split $str &
name1=value1 name2=value2 name3=value3
% llength [split $str &]
3
Or together:
% expr {[llength [split $str &]] -1}
2
But really, ASM gives you much better normalization and validation. For example, you could apply all of the XSS attack signatures to all parameters. If you have a specific POST request you want to restrict the number of parameters to 1 for, you can configure this in the ASM policy.
Aaron