Avoiding Apache mod_rewrite


I need to redirect users who go to one of my pages (http://www.mydomain.com/place_to_go.php) to a secure version, so that they can pay for a product with a credit card. Apache’s mod_rewrite seemed like a good approach, but I’m much more comfortable with php and was wondering if there are any apparent pitfalls in using:

$var1 = (int) $_GET['var1'];
$var2 = (int) $_GET['var2'];
if (isset($_SERVER['SCRIPT_URI']) && (substr($_SERVER['SCRIPT_URI'],0,5)) != 'https') {
//I put in the isset business because SCRIPT_URI didn't seem to be defined on my local server
//SCRIPT_URI seemed like the best thing to check, but it's here that I'm worried that I might be missing something...
	header('Location: https://www.mydomain.com/place_to_go.php?var1='.$var1.'&var2='.$var2);

Thoughts/comments would be appreciated!


A better way to determine if they are using TLS or not would be to use the $_SERVER[‘HTTPS’] array key as it will give you a much nicer way of detecting it.