Home » Php » php – CURL Request problem

php – CURL Request problem

Posted by: admin July 12, 2020 Leave a comment

Questions:

I am trying to verify the paypal pdt information.

I generated my mockup form and submitted it. IT worked and returned the information too.

I tried the same thing making curl request. But my cur request is returning blank to me.

my mockup form:

<form method="post" action="https://sandbox.paypal.com/cgi-bin/webscr">
    <input type="hidden" name="cmd" value="_notify-synch"/>
    <input type="hidden" name="at" value="-----"/>
    <input type="hidden" name="tx" value="-----"/>
    <input type="submit" value="Test"/>
</form>

My CURL REQ Code:

$arrData = array(
    'tx'    => '----',
    'cmd'   => '_notify-synch',
    'at'    => '-----'
);
    $ch = curl_init( 'https://sandbox.paypal.com/cgi-bin/webscr' );
    curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1) ;
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $arrData);
    $strCurlResult = curl_exec($ch);
    curl_close( $ch );
    return $strCurlResult;

EDIT:

ON tracking curl error i found following message:

SSL: certificate subject name ‘www.sandbox.paypal.com’ does not match
target host name ‘sandbox.paypal.com’

How to&Answers:

Change: $ch = curl_init( ‘https://sandbox.paypal.com/cgi-bin/webscr’ );
To: $ch = curl_init( ‘https://www.sandbox.paypal.com/cgi-bin/webscr’ );

Reason: the certificate for www.sandbox.paypal.com is not valid for sandbox.paypal.com.
Make the same change in your form’s ‘action’ as well, by the way.

Answer:

In fact, you can just disable peer HOST verification. In some PHP/cURL version, just disabling PEER is not enough:

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

From the docs:

CURLOPT_SSL_VERIFYHOST: 1 to check the existence of a common name in
the SSL peer certificate. 2 to check the existence of a common name
and also verify that it matches the hostname provided. In production
environments the value of this option should be kept at 2 (default
value).

Answer:

You need to tell cURL not to verify the SSL certificate. This can be done by setting a cURL option:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

More information here:

http://php.net/manual/en/function.curl-setopt.php

Answer:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

though the above works it’s not recommended.

as robert said

Change:

$ch = curl_init( ‘https://sandbox.paypal.com/cgi-bin/webscr’ );

To:

$ch = curl_init( ‘https://www.sandbox.paypal.com/cgi-bin/webscr’ );

Answer:

Send it as string:

$arrData = array(
    'tx'    => '----',
    'cmd'   => '_notify-synch',
    'at'    => '-----'
);

$fields_string = "";

foreach($arrData as $key=>$value) 
    $fields_string .= $key.'='.$value.'&';

rtrim($fields_string,'&');

$ch = curl_init( 'https://sandbox.paypal.com/cgi-bin/webscr' );
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1) ;
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
$strCurlResult = curl_exec($ch);
curl_close( $ch );
return $strCurlResult;