Ndtyjky

when should we use it

Quentin's answer is right: use multipart/form-data if the form contains a file upload, and application/x-www-form-urlencoded otherwise, which is the default if you omit enctype.

I'm going to:

• add some more HTML5 references


• explain why he is right with a form submit example

HTML5 references

There are three possibilities for enctype:

• x-www-urlencoded


• 
  multipart/form-data (spec points to RFC7578)


• 
  text-plain. This is "not reliably interpretable by computer", so it should never be used in production, and we will not look further into it.

How to generate the examples

Once you see an example of each method, it becomes obvious how they work, and when you should use each one.

You can produce examples using:

• 
  nc -l or an ECHO server: HTTP test server accepting GET/POST requests
  


• an user agent like a browser or cURL

Save the form to a minimal .html file:

<!DOCTYPE html>

<html lang="en">

<head>

  <meta charset="utf-8"/>

  <title>upload</title>

</head>

<body>

<form action="http://localhost:8000" method="post" enctype="multipart/form-data">

  <p><input type="text" name="text1" value="text default">

  <p><input type="text" name="text2" value="aωb">

  <p><input type="file" name="file1">

  <p><input type="file" name="file2">

  <p><input type="file" name="file3">

  <p><button type="submit">Submit</button>

</form>

</body>

</html>

We set the default text value to aωb, which means aωb because ω is U+03C9, which are the bytes 61 CF 89 62 in UTF-8.

Create files to upload:

echo 'Content of a.txt.' > a.txt



echo '<!DOCTYPE html><title>Content of a.html.</title>' > a.html



# Binary file containing 4 bytes: 'a', 1, 2 and 'b'.

printf 'axCFx89b' > binary

Run our little echo server:

while true; do printf '' | nc -l 8000 localhost; done

Open the HTML on your browser, select the files and click on submit and check the terminal.

nc prints the request received.

Tested on: Ubuntu 14.04.3, nc BSD 1.105, Firefox 40.

multipart/form-data

Firefox sent:

POST / HTTP/1.1

[[ Less interesting headers ... ]]

Content-Type: multipart/form-data; boundary=---------------------------735323031399963166993862150

Content-Length: 834



-----------------------------735323031399963166993862150

Content-Disposition: form-data; name="text1"



text default

-----------------------------735323031399963166993862150

Content-Disposition: form-data; name="text2"



aωb

-----------------------------735323031399963166993862150

Content-Disposition: form-data; name="file1"; filename="a.txt"

Content-Type: text/plain



Content of a.txt.



-----------------------------735323031399963166993862150

Content-Disposition: form-data; name="file2"; filename="a.html"

Content-Type: text/html



<!DOCTYPE html><title>Content of a.html.</title>



-----------------------------735323031399963166993862150

Content-Disposition: form-data; name="file3"; filename="binary"

Content-Type: application/octet-stream



aωb

-----------------------------735323031399963166993862150--

For the binary file and text field, the bytes 61 CF 89 62 (aωb in UTF-8) are sent literally. You could verify that with nc -l localhost 8000 | hd, which says that the bytes:

61 CF 89 62

were sent (61 == 'a' and 62 == 'b').

Therefore it is clear that:

• Content-Type: multipart/form-data; boundary=---------------------------9051914041544843365972754266 sets the content type to multipart/form-data and says that the fields are separated by the given boundary string.



• 
  

  every field gets some sub headers before its data: Content-Disposition: form-data;, the field name, the filename, followed by the data.

  
  
  

  The server reads the data until the next boundary string. The browser must choose a boundary that will not appear in any of the fields, so this is why the boundary may vary between requests.

  
  
  

  Because we have the unique boundary, no encoding of the data is necessary: binary data is sent as is.

  
  
  

  TODO: what is the optimal boundary size (log(N) I bet), and name / running time of the algorithm that finds it? Asked at: https://cs.stackexchange.com/questions/39687/find-the-shortest-sequence-that-is-not-a-sub-sequence-of-a-set-of-sequences

  
  


• 
  

  Content-Type is automatically determined by the browser.

  
  
  

  How it is determined exactly was asked at: How is mime type of an uploaded file determined by browser?

  
  

application/x-www-form-urlencoded

Now change the enctype to application/x-www-form-urlencoded, reload the browser, and resubmit.

Firefox sent:

POST / HTTP/1.1

[[ Less interesting headers ... ]]

Content-Type: application/x-www-form-urlencoded

Content-Length: 51



text1=text+default&text2=a%CF%89b&file1=a.txt&file2=a.html&file3=binary

Clearly the file data was not sent, only the basenames. So this cannot be used for files.

As for the text field, we see that usual printable characters like a and b were sent in one byte, while non-printable ones like 0xCF and 0x89 took up 3 bytes each: %CF%89!

Comparison

File uploads often contain lots of non-printable characters (e.g. images), while text forms almost never do.

From the examples we have seen that:

• multipart/form-data: adds a few bytes of boundary overhead to the message, and must spend some time calculating it, but sends each byte in one byte.




• application/x-www-form-urlencoded: has a single byte boundary per field (&), but adds a linear overhead factor of 3x for every non-printable character.

Therefore, even if we could send files with application/x-www-form-urlencoded, we wouldn't want to, because it is so inefficient.

But for printable characters found in text fields, it does not matter and generates less overhead, so we just use it.

enctype='multipart/form-data is an encoding type that allows files to be sent through a POST. Quite simply, without this encoding the files cannot be sent through POST.

If you want to allow a user to upload a file via a form, you must use this enctype.

When submitting a form, you're trying to say your browser to send via the HTTP protocol a message on the network properly enveloped in a TCP/IP protocol message structure. When sending data, you can use POST or GET methods to send data using HTTP protocol. POST tells your browser to build an HTTP message and put all content in the body of the message (a very useful way of doing things, more safe and also flexible). GET has some constraints about data representation and length.

Stating what you send

When sending a file, it is necessary to tell the HTTP protocol that you are sending a file having several characteristics and information inside it. In this way it is possible to consistently send data to receiver and let it open the file with the current format and so on...
This is a requirement from the HTTP protocol as shown here

You cannot send files using default enctype parameters because your receiver might encounter problems reading it (consider that a file is a descriptor for some data for a specific operating system, if you see things this way, maybe you'll understand why it is so important to specify a different enctype for files).

Do not forget security

This way of doing things also ensures that some security algorithms work on your messages. This information is also used by application-level routers in order to act as good firewalls for external data.

Well, as you can see, it is not a stupid thing using a specific enctype for files.

enctype='multipart/form-data' means that no characters will be encoded. that is why this type is used while uploading files to server.

So multipart/form-data is used when a form requires binary data, like the contents of a file, to be uploaded

Set the method attribute to POST because file content can't be put inside a URL parameter using a form.

Set the value of enctype to multipart/form-data because the data will be split into multiple parts, one for each file plus one for the text of the form body that may be sent with them.

Usually this is when you have a POST form which needs to take a file upload as data... this will tell the server how it will encode the data transferred, in such case it won't get encoded because it will just transfer and upload the files to the server, Like for example when uploading an image or a pdf

• enctype(ENCode TYPE) attribute specifies how the form-data should be encoded when submitting it to the server.


• 
  multipart/form-data is one of the value of enctype attribute, which is used in form element that have a file upload. multi-part means form data divides into multiple parts and send to server.
  
  
  
  
  • metaphor part : an HTML document has two parts: a head and a body.
  
  
  
  

The enctype attribute specifies how the form-data should be encoded when submitting it to the server.

The enctype attribute can be used only if method="post".

No characters are encoded. This value is required when you are using forms that have a file upload control

From W3Schools