You're using the code that Facebook sent you to try to get a long lived access token.
You must get a short lived access token first. Then exchange the short lived access token for the long lived access token (which is the call you are trying to make above).
Getting a short-lived access token:
https://graph.facebook.com/oauth/access_token?client_id={client_id}&redirect_uri={your redirect uri}&client_secret={client_secret}&code={code}
Where the code is the code you are currently using. Not sure if redirect_uri is required, but I use it.
This will return a form encoded string like
access_token=AQADEADBEEF&expires=11111
You can then use this access token (AQADEADBEEF) in place of your fb_exchange_token above