$_SERVER['REQUEST_URI'] is a server generated variable. Only GET,POST,a and COOKIES are susceptible to user interference. (with the possible exception of headers like "Referrer") – Byron WhitlockFeb 21 '12 at 19:38
Those who argue it should be sanitized don't really understand what they are talking about. REQUEST_URI holds the URL where you currently are, so if there's any security issue with going to this URL, the harm is already done. Redirecting to where you already are has no security implication. – this.lau_Oct 30 '14 at 17:12
2
@RobertM. nope, it is redirecting you to the current url. As already said, the damage would already be done.– HanoncsOct 1 '15 at 17:59
来自 http://stackoverflow.com/questions/4221116/php-refresh-current-page