how to post data safely via web form

Dear Experts,

which one is more secure to post data for html form?

<form  method="post" >


<form  method="post" enctype="multipart/form-data" >

or anything you suggest?

I use PHP and HTML
BRDigital MarketingAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

BRDigital MarketingAuthor Commented:
is it safer to use it like this?

<form method="post" enctype="application/x-www-form-urlencoded">
KimputerIT ManagerCommented:
Anything you post is not safer unless it's really encrypted. Therefore, it's not about your POST code, it's about if it's travelling over HTTP or HTTPS.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
BRDigital MarketingAuthor Commented:
let me say that, my link is https, and I use post method,
Starting with Angular 5

Learn the essential features and functions of the popular JavaScript framework for building mobile, desktop and web applications.

KimputerIT ManagerCommented:
If you use https, it doesn't really matter what POST method you use.
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
As Kimputer said. You level of safety depends on your SSL cert + SSL Webserver config. will give you an overview of quality of your SSL setup. has been providing free + strong certs for years, so for me, I only setup HTTPS sites at this point.

If a client asks me to host a non-HTTPS site, I send them away.

HTTPS is your friend. Make HTTPS one of your first site setup steps + all your over the wire conversations will be secure.
Dave BaldwinFixer of ProblemsCommented:
<form method="post" enctype="application/x-www-form-urlencoded">  is not about safety.  File uploads and some other forms require that to work properly.
Scott FellDeveloper & EE ModeratorCommented:
To add clarity, the encrypt type is not about encryption.

This attribute lets you specify the value of the Content-Type HTTP header included in the request generated when the form is submitted. This header is very important because it tells the server what kind of data is being sent. By default, its value is application/x-www-form-urlencoded. In human terms, this means: "This is form data that has been encoded into URL parameters."

Then as Dave mentioned if you want to upload a file, then you would use multipart/form-data .

Then others have mentioned that using https is the way to go over http. That is also correct.

However, what has been left out is accepting data and mitigating Cross Site Scripting and accepting clean data. It does not matter if you are using https or not, accepting bad data can be harmful to your app and database.  Both of these would warrant their own question threads.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.