From the docs (http://httpd.apache.org/docs/current/howto/htaccess.html):
You should avoid using .htaccess files completely if you have access to httpd main server config file. Using .htaccess files slows down your Apache http server. Any directive that you can include in a .htaccess file is better set in a Directory block, as it will have the same effect with better performance.
My recommendation: use only curl -I so caching is ruled out as a problem source. Use a virtual machine that you can reprovision quickly and reliably. Crank up the log level to debug in you apache config. And don't give up!
Needs to add more to this, especially configs against SQL injections and other hacks.
Relying on your webserver to protect you against SQL injection is probably not what you want to do. The webserver has no knowledge at all about what kind of program you run behind it. You would need to teach it everything about what you're doing.
Seriously, you are much better off just using prepared statements everywhere than trying to teach a webserver the finer points of your particular combination of SQL and the language you use. It's like parsing HTML with regular expressions. It might hold up for a while or for certain tasks, but will explode quite unexpectedly at some later point.