Validating user input is always a great idea from a usability and security point of view. However, when it comes to things like URLs, the data is complex and there is a very strict pattern that the data has to adhere to. From a data perspective, this is great news, since we can validate for what we want, not try to detect what we don't.

However, a lot of modern URLs don't always do a great job following RFC 1738. Specifically, I'm looking at you .Net guys who insist on putting UUIDs wrapped in curly brackets in query strings and the like. According to RFC 1738, curly brackets are "unsafe" within URLs and should be encoded to their URL-encoded entities.

The Apache module mod_vhost_alias and its VirtualDocumentRoot directive can really be a great time saver for local development (some googling will explain why in more deapth). Basically, my local dev is set up so that I just have to create a directory in my aliases directory, and I just then navigate my browser to a URL matching the name of that new directory, and apache knows exactly what to serve automagically.

I do a lot of work involving PHP-based web development. I often find myself needing to test e-mail functionality of a complex PHP application (such as Drupal), but I want to be sure that emails won't be sent to any of the unsuspecting users in the database of the application I'm testing.

Do accomplish this, I make a small but important change to my php.ini (actually in my conf.d/dev_mail.ini -- but it's the same thing):

sendmail_path="/usr/sbin/sendmail -i user@host.tld"

This tells PHP to use this command line whenever the mail() function is used to send an email. PHP's default here is "sendmail -i -t". The -t tells sendmail to scan the message text for To:, Cc:, and Bcc: headers to determine where to deliver the mail. By eliminating the -t we tell sendmail to use the email address(es) on the command line to determine delivery, thus making sure that no matter what PHP's mail() tells sendmail, it will deliver to the address you want.