Search code examples
escapingfacebook-php-sdkfacebook-fqlfile-get-contentsampersand

Intermittent HTTP400 (bad request) when using FQL with file_get_contents()

My web pages uses PHP to do a FQL request that obtains the logged in user's friend count, here's the code:

$graph = 'https://graph.facebook.com/fql?q=';
$graph .= 'SELECT+friend_count+FROM+user+WHERE+uid%3Dme%28%29';
$graph .= '&access_token=' . $access_token;
$result = file_get_contents($graph);

About 80% of the time this works fine, but sometimes I get a 400 Bad Request. I notice that this seems to be caused by the ampersand that separates the 'q' from the 'access_token' is being escaped; i.e. I get this (doesn't work):

https://graph.facebook.com/fql?q=SELECT+friend_count+FROM+user+WHERE+uid%3Dme%28%29&access_token=AAAF8VR3YZCpQBAGiX16jvZAwaEciTwZB1QZAaUjcjy82Ce7Ov7nPqNxjsKM1SAZASGVcZCJ80R9KJZBJYrjKmsDVK6YNrPGA7plPVuwCFZCaOwZDZD

Instead of this (works - same request but '&' has been replaced by '&'):

https://graph.facebook.com/fql?q=SELECT+friend_count+FROM+user+WHERE+uid%3Dme%28%29&access_token=AAAF8VR3YZCpQBAGiX16jvZAwaEciTwZB1QZAaUjcjy82Ce7Ov7nPqNxjsKM1SAZASGVcZCJ80R9KJZBJYrjKmsDVK6YNrPGA7plPVuwCFZCaOwZDZD

I tried to adjust my code accordingly so that the PHP explicitly tells the string to replace the escaped ampersand but to no avail:

$graph = 'https://graph.facebook.com/fql?q=';
$graph .= 'SELECT+friend_count+FROM+user+WHERE+uid%3Dme%28%29';
$graph .= '&access_token=' . $access_token;
$result = file_get_contents($graph);
$graphNoEscape = str_replace('&', '&', $graph);
$result = file_get_contents($graphNoEscape);

Does anybody know the solution to the problem? It's annoying that this code works sometimes, but not all the time!

Solution

  • For anybody that finds this and is having the same problem, this is how I solved it:

    First, I told server to use one php.ini in the public_html/www folder, PHP version 5.3.

    Then I edited my code as follows:

    $graph = 'https://graph.facebook.com/fql?q='; 
$graph .= urlencode('SELECT friend_count FROM user WHERE uid = me()');
$graph .= '&access_token='.$access_token; 
$graphNoEscape = str_replace('&', '&', $graph); 
$file_contents = file_get_contents($graphNoEscape); 
$fql_result = json_decode($file_contents); 
$friend_count = mysql_real_escape_string($fql_result->data[0]->friend_count);

    Admittedly I may have over done it with the str_replace(), but it works none-the-less :)

    Hope this can help someone.