$_SERVER['REQUEST_URI'] ... Server or header generated?
I use a database instead of sessions to keep information about a user. One of my columns tracks the current page that the user is on, and it is simply an update to the table setting the value with $_SERVER['REQUEST_URI']. I have been seeing some strange urls in there lately, IE Welcome to Intel.
I thought request uri was generated by the server, and pays no attention to the given header information.
One of two things are happening here:
1) I have a breach in my code somewhere, which I don't see how is possible since this code never touches user input.
2) request_uri is sent by the header and is being modified.
Does anyone have any information or tips about this?