400 Bad Request

Hi, see this code segment:

$header = “”;
$header .= "POST/cgi-bin/webscr HTTP/1.0\r
$header .= "Content-Type: application/x-www-form-urlencoded; charset=windows-1252\r
$header .= "Content-Length: " . strlen( $req ) . "\r

Then I opened a socket like this:

$fp = fsockopen( ‘ssl://www.sandbox.paypal.com’, 443, $errno, $errstr, 30);

I wrote into the $fp like this, $req is the real conetnt:

fputs( $fp, $header . $req );
while( !feof( $fp ) )
$res = fgets( $fp, 1024 );

I got this ( value of $res ):



<TITLE>400 Bad Request</TITLE>


<H1>Bad Request</H1>

Your browser sent a request that this server could not understand.<P>

Invalid URI in request POST/cgi-bin/webscr HTTP/1.0<P>


<ADDRESS>Apache/1.3.33 Server at <A HREF="mailto:webmaster@paypal.com">www.sandbox.paypal.com</A> Port 443</ADDRESS>


The PHP file is sitting in a webhosting’s server.
Can you help me what’s wrong? Thanks a lot.

Your POST request contains an invalid URI as the error reported. It should be in the following format:

POST http://whateverthisshouldbe/displayquery.php HTTP/1.0

So don’t forget the full URL and URI.
I’m not sure why you have a slash right after the POST, nor do I know what you’re trying to accomplish with cgi-bin

Thanks for the quick reply. This is the Paypal sandbox test URI, I am not sure what the full URI should be as I posted in Paypal, got no answer. This URI is from Paypal’s website.

I changed to this:

$header .= "POST https://www.sandbox.paypal.com/cgi-bin/webscr HTTP/1.0\r
$header .= "Content-Type: application/x-www-form-urlencoded; charset=iso-8859-1\r
$header .= "Content-Length: " . strlen( $req ) . "\r

The problem was fixed. Thanks a lot.

Rolling your own fsockopen() based HTTP library when you haven’t read the HTTP specifications is not a good idea. The fact “it works” is meaningless. You got lucky that the server understands broken input. Using a full URL in the request line is for proxy servers to know where to forward the request to. I’ve written a fully functional HTTP(S) library that is included with WebCron Site Backup that you can leverage instead of fiddling around with broken code. Sure your code “works” now but what happens if PayPal decides to update their Apache install to something more recent? You are depending on broken functionality, it could go away at any time and your code won’t work.

Thanks for the comment, I will have a good study with HTTP & your library. Thanks.