coopster - 8:29 pm on Feb 16, 2012 (gmt 0)
You are, I'm just advising you to scrub that PHP_SELF value before you use it in the landing script as it is user-supplied data and cannot be trusted. The REQUEST_URI is what I tend to use because of my server configuration. PHP_SELF is different than the REQUEST_URI. The REQUEST_URI is also user-supplied as it can be set in the browser address bar.
Set yourself up with a test page and hit it with a bunch of different combinations so you can see the subtle differences in your server variables. And search for "PHP_SELF security" to discover more about the vulnerabilities of using it in your HTML output, headers, etc. including your redirects.