When building HTML forms why do we not always use enctype="multipart/form-data"
?
Multipart form data: The ENCTYPE attribute of <form> tag specifies the method of encoding for the form data. It is one of the two ways of encoding the HTML form. It is specifically used when file uploading is required in HTML form. It sends the form data to server in multiple parts because of large size of file.
The enctype attribute specifies how the form-data should be encoded when submitting it to the server. Note: The enctype attribute can be used only if method="post" .
Our security department, recently, informed us we should stop and avoid to use the content type 'multipart/form-data' in order to send a file to a web server, because it is not considered 'safe'.
enctype(ENCode TYPE) attribute specifies how the form-data should be encoded when submitting it to the server. multipart/form-data is one of the value of enctype attribute, which is used in form element that have a file upload. multi-part means form data divides into multiple parts and send to server.
multipart/form-data
is a lot bulkier than application/x-www-form-urlencoded
; the latter is just a bunch of keys and values (and can be parsed the same way whether for GET
or POST
), whereas the former requires full MIME support, and is thus more useful when you have data that can't simply be represented as key/value pairs.
Because it's a pain to handle, both on the server and in custom clients. Simple is better than complicated, unless simple just doesn't work.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With