paypal sandbox responds bad request

Question

I have following HTML form

<form action="https://sandbox.paypal.com/cgi-bin/webscr" method="post" id="paypalpost" name="paypalpost">
                <input type="hidden" name="rm" value="2"/>
                <input type="hidden" name="cmd" value="_xclick">
                <input type="hidden" name="business" value="vbnetdiscuss@yahoo.com">
                <input type="hidden" name="item_name" value="Wedding Gift">
                <input type="hidden" name="currency_code" value="EUR">
                <input type="hidden" name="amount" value="<?php echo $value['total'];?>">
                <input type="hidden" name="return" value="http://developwithus.com/wedding/return.php">
                <input type="hidden" name="cancel_return" value="http://developwithus.com/wedding/return.php?status=0">


            <input onclick="return submitatoc();" disabled type="submit" name="submit" id="pay" class="buttonBlueBg" value="Checkout" style="cursor:pointer;">

            </form>

I had mentioned return URL as http://developwithus.com/wedding/return.php on which, (I had download this from : https://cms.paypal.com/cms_content/US/en_US/files/developer/IPN_PHP_41.txt and add

<?php 
print_r('<pre>');
print_r($_POST);
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
}

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];

if (!$fp) {
// HTTP ERROR
    echo "HTTP Error";
} else {
    fputs ($fp, $header . $req);
    while (!feof($fp)) {
        $res = fgets ($fp, 1024);
        echo $res;
        if (strcmp ($res, "VERIFIED") == 0) {
            // check the payment_status is Completed
            // check that txn_id has not been previously processed
            // check that receiver_email is your Primary PayPal email
            // check that payment_amount/payment_currency are correct
            // process payment
            echo("verified");
        }
        else if (strcmp ($res, "INVALID") == 0) {
            // log for manual investigation
            echo ("invalid");
        }
    }
    fclose ($fp);
}
echo "end";
?>

but I got Bad Request as response, If I go to paypal sand box account and made payment and return back.

Array
(
   [CONTEXT] => wtgSziM4C5x0SI-9CmKcv2vkSeTLK5P_g6HqzC__YTYkcqziFNcB84p79Ja
   [myAllTextSubmitID] => 
   [cmd] => _flow
   [mc_gross] => 100.00
   [protection_eligibility] => Ineligible
   [address_status] => confirmed
   [payer_id] => Z5NWSYYVZW268
   [tax] => 0.00
   [address_street] => 1 Main St
   [payment_date] => 09:04:08 May 14, 2011 PDT
   [payment_status] => Pending
   [charset] => windows-1252
   [address_zip] => 95131
   [first_name] => Test
   [address_country_code] => US
   [address_name] => Test User
   [notify_version] => 3.1
   [custom] => 
   [payer_status] => verified
   [address_country] => United States
   [address_city] => San Jose
   [quantity] => 1
   [payer_email] => sujeet_1302606445_per@gmail.com
   [verify_sign] => AozIjtjfCe0jUnbJpR4qPrW54olKAq.SrnEktGSocrk8yYv4bpR4lJX7
   [txn_id] => 3HG58230W32603443
   [payment_type] => instant
   [last_name] => User
   [address_state] => CA
   [receiver_email] => vbnetdiscuss@yahoo.com
   [pending_reason] => unilateral
   [txn_type] => web_accept
   [item_name] => Wedding Gift
   [mc_currency] => EUR
   [item_number] => 
   [residence_country] => US
   [test_ipn] => 1
   [transaction_subject] => Wedding Gift
   [handling_amount] => 0.00
   [payment_gross] => 
   [shipping] => 0.00
   [merchant_return_link] => click here
   [form_charset] => UTF-8
)
HTTP/1.1 400 Bad Request
Date: Sat, 14 May 2011 16:05:20 GMT
Server: Apache
Set-Cookie: c9MWDuvPtT9GIMyPc3jwol1VSlO=%7cgA9mW0Yh7-iBp435VBDwyCqtOtnlE8KAk8fT_sjGXHGx2mDzXgFit5ZdHd3BOOEUt_UDRW%7cRD1g8aAyLevIAP-u4WfCokEQkimrkpQk6v6rLZ_xD-pT1ATWuv5RtcK3NIbPPwfF1cXq3G%7c; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: cookie_check=yes; expires=Tue, 11-May-2021 16:05:20 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: Apache=10.191.196.11.9095130538912094; path=/; expires=Fri, 31-Mar-05 09:37:04 GMT
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

can you guys tell me what I'm doing wrong? INVALID response is working

Robert · Accepted Answer · 2013-08-04T13:17:41.233

17

Remove your *.paypal.com cookies.
This an unfortunate bug in the PayPal system, where the cookie gets too large and the server errors out on it.
You can avoid the problem by using two different browsers, e.g. IE for PayPal Live and FF for the PayPal Sandbox.

edited Aug 04 '13 at 13:17

answered May 21 '11 at 12:27

Robert

19,326
3
58
59

I'm getting 400 Bad Request regardless - after clearing the cookies, or installing Chrome and using that. It also outputs "Invalid Host header". – thomthom Aug 14 '12 at 23:07
Can you send me an email about that with a screenshot + copy of the source of the error page? My address is ppmtsrob@gmail.com -- this is not exactly suited for SO, but I'd like to continue looking into that. – Robert Aug 15 '12 at 17:18
1

I found the solution in this Q: http://stackoverflow.com/a/11811213/486990 I was using the old PHP4 example for my IPN. Originally it used HTTP, but that now returned 302. Then I switched to SSL and I got the 400. But that was because of the missing Host header. That was when I was debugging with localhost. However, my live site use SSL and the old PHP4 example, no Host header but it works. I found reports by other people that they also noticed that Sandbox fail without Host, but Live IPN doesn't. I am however updating my IPN to use the PHP 5.2 example to avoid future problems. – thomthom Aug 16 '12 at 08:07
Glad you got it resolved. I'm still confused why you got it in Chrome, though. You shouldn't have gotten this when accessing PayPal from chrome. – Robert Aug 16 '12 at 08:17
It's amazing that they've known about this for 10 months and haven't done anything about it. – João Bragança Aug 31 '12 at 18:42
Are you referring to 'Bad request' while accessing the website, or 'Bad request' on IPN validation to the PayPal Sandbox? The former has been resolved, the latter is intended. – Robert Sep 01 '12 at 23:09
Is there any official reference to this bug? We are experiencing this issue in development right now and would love to have a link to the bug to verify that it is consistent with our results and that it is benign in production. – Gabriel Mar 06 '13 at 18:20

score 4 · Answer 2 · edited May 23 '17 at 12:01

4

You are trying to open the socket yourself, so you need to add the HTTP Host header yourself just below $header = POST.

$header .= "Host: www.sandbox.paypal.com\r\n";

Source: PayPal IPN Bad Request 400 Error

edited May 23 '17 at 12:01

Community

1
1

answered Aug 07 '12 at 14:55

SpiritOfDragon

1,404
2
15
27

1

Great... Adding the line
$header .= "Host: www.sandbox.paypal.com\r\n";
To the header fix the problem... Thanks a lot!! – Aug 17 '12 at 18:40

score 0 · Answer 3 · answered May 23 '11 at 16:23

0

You can try as follow : https://www.x.com/thread/47663 That guy remove some parameters on paypal postback url. It works for me. Hope this help

answered May 23 '11 at 16:23

Tuan

61
2
10

paypal sandbox responds bad request

3 Answers3