400 Bad Request

Charlie123 · December 9, 2010, 5:35am

Hi, see this code segment:

$header = “”;
$header .= "POST/cgi-bin/webscr HTTP/1.0\r
";
$header .= "Content-Type: application/x-www-form-urlencoded; charset=windows-1252\r
";
$header .= "Content-Length: " . strlen( $req ) . "\r
\r
";

Then I opened a socket like this:

$fp = fsockopen( ‘ssl://www.sandbox.paypal.com’, 443, $errno, $errstr, 30);

I wrote into the $fp like this, $req is the real conetnt:

fputs( $fp, $header . $req );
while( !feof( $fp ) )
{
$res = fgets( $fp, 1024 );
}

I got this ( value of $res ):

<!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”>

<TITLE>400 Bad Request</TITLE>

</HEAD><BODY>

<H1>Bad Request</H1>

Your browser sent a request that this server could not understand.<P>

Invalid URI in request POST/cgi-bin/webscr HTTP/1.0<P>

<HR>

<ADDRESS>Apache/1.3.33 Server at <A HREF="mailto:webmaster@paypal.com">www.sandbox.paypal.com</A> Port 443</ADDRESS>

</BODY></HTML>

The PHP file is sitting in a webhosting’s server.
Can you help me what’s wrong? Thanks a lot.
Charlie

svcghost · December 9, 2010, 6:11am

Your POST request contains an invalid URI as the error reported. It should be in the following format:

POST http://whateverthisshouldbe/displayquery.php HTTP/1.0

So don’t forget the full URL and URI.
I’m not sure why you have a slash right after the POST, nor do I know what you’re trying to accomplish with cgi-bin

Charlie123 · December 9, 2010, 6:23am

Thanks for the quick reply. This is the Paypal sandbox test URI, I am not sure what the full URI should be as I posted in Paypal, got no answer. This URI is from Paypal’s website.

Charlie123 · December 9, 2010, 11:28am

I changed to this:

$header .= "POST https://www.sandbox.paypal.com/cgi-bin/webscr HTTP/1.0\r
";
$header .= "Content-Type: application/x-www-form-urlencoded; charset=iso-8859-1\r
";
$header .= "Content-Length: " . strlen( $req ) . "\r
\r
";

The problem was fixed. Thanks a lot.

thruska · December 10, 2010, 4:00pm

Rolling your own fsockopen() based HTTP library when you haven’t read the HTTP specifications is not a good idea. The fact “it works” is meaningless. You got lucky that the server understands broken input. Using a full URL in the request line is for proxy servers to know where to forward the request to. I’ve written a fully functional HTTP(S) library that is included with WebCron Site Backup that you can leverage instead of fiddling around with broken code. Sure your code “works” now but what happens if PayPal decides to update their Apache install to something more recent? You are depending on broken functionality, it could go away at any time and your code won’t work.

Charlie123 · December 11, 2010, 2:04am

Thanks for the comment, I will have a good study with HTTP & your library. Thanks.