I have a simple question. Is $_SERVER['REQUEST_URI'] sent by the client's browser, or by the server? I am pretty sure based on PHP docs that it is defined by the server.

My second question is, would $_SERVER['REQUEST_URI'] return the same thing for both of the following?


Essentially, I am asking whether or not the query string makes a difference.

The reason is because I need to know if this is an ok solution for an authorization check to a webpage. Would something like the following be secure?

PHP Code:
if($_SERVER['REQUEST_URI'] != $allowed_uri){

// page content 

Thanks in advance.