Because every time when someone want to spend some money under an address, he need to provide public key and sent the content to the mainnet. (Please correct me if that is not correct)
Where can I look to see a revealed public key?
If there is some remaining money under this address, is that possible that the other will copy the public key and generate another request(with this copy) to use those money?
To claim (spend) the bitcoin from an address one needs to create a transaction and provide two things:
When you spent some money from an address the rest will typically go back to the originating address as change (see section Output here).
You are correct that the public key will be exposed after the first transaction. An attacker would have your public key. However, this poses no threat since the public key can be, well, public without compromising security. This is how public key cryptography works.
It is the signature that provides the real security. To create such a signature one needs the private key corresponding to the public key. And that is never revealed in the blockchain.
The above two links provide a lot of detail of how public key cryptography and bitcoin transaction work.
** Note that a bitcoin address is created from the public key with a one-way function (the reverse is not possible). Similarly, a public key is created from the private key with a one-way function. i.e. with the private key one can re-create the rest.
Regular Bitcoin transactions are push payments. There is no way to withdraw money from an address, it must be sent. Except for diminishing privacy there is no security risk to revealing a public key.
A replay attack is not possible, because balances are encapsulated in Unspent Transaction Outputs. While they can be signed over by the owner of the private key of an address, they are identified by the transaction they originated from. Unspent Transaction Outputs are used up completely when a transaction is created, therefore they are not available for a replay attack.
