how to post data safely via web form

Dear Experts,

Which one is more secure to post data for an HTML form?

<form  method="post" >

or

<form  method="post" enctype="multipart/form-data" >

or anything you suggest?

I use PHP and HTML
BRMarketing Asked:

BRMarketing (Author) Commented:
Is it safer to use it like this?

<form method="post" enctype="application/x-www-form-urlencoded">
0
Kimputer Commented:
Anything you post is not safer unless it's really encrypted. Therefore, it's not about your POST code, it's about if it's travelling over HTTP or HTTPS.
1

BRMarketing (Author) Commented:
Let me say that my link is https, and I use the post method.
0
Kimputer Commented:
If you use https, it doesn't really matter what POST method you use.
2
David Favor (Linux/LXD/WordPress/Hosting Savant) Commented:
As Kimputer said. Your level of safety depends on your SSL cert + SSL Webserver config.

https://www.ssllabs.com/ssltest/ will give you an overview of quality of your SSL setup.

https://www.ssllabs.com/ssltest/ has been providing free + strong certs for years, so for me, I only setup HTTPS sites at this point.

If a client asks me to host a non-HTTPS site, I send them away.

HTTPS is your friend. Make HTTPS one of your first site setup steps + all your over the wire conversations will be secure.
1
Dave Baldwin (Fixer of Problems) Commented:
<form method="post" enctype="application/x-www-form-urlencoded">  is not about safety.  File uploads and some other forms require that to work properly.
1
Scott Fell, EE MVE (Developer & EE Moderator) Commented:
To add clarity, the encrypt type is not about encryption.  

https://developer.mozilla.org/en-US/docs/Learn/HTML/Forms/Sending_and_retrieving_form_data

This attribute lets you specify the value of the Content-Type HTTP header included in the request generated when the form is submitted. This header is very important because it tells the server what kind of data is being sent. By default, its value is application/x-www-form-urlencoded. In human terms, this means: "This is form data that has been encoded into URL parameters."

Then as Dave mentioned if you want to upload a file, then you would use multipart/form-data .

Then others have mentioned that using https is the way to go over http. That is also correct.

However, what has been left out is accepting data and mitigating Cross Site Scripting https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet and accepting clean data. It does not matter if you are using https or not, accepting bad data can be harmful to your app and database.  Both of these would warrant their own question threads.
1
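As an added illustration of the points in this thread (not code from any of the posters): a PHP handler that requires HTTPS, accepts either enctype, validates the fields and HTML-encodes them on output. The function names, the `email` and `message` fields and the sample request are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Assumption: TLS ends at this server. Behind a proxy, $_SERVER['HTTPS'] may be unset.
function is_https(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower((string) $server['HTTPS']) !== 'off';
}
// Output encoding for an HTML body context.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
// Returns [clean fields, errors]. Non-string values (e.g. email[]=x) are rejected.
function validate_contact(array $post): array
{
    $email   = is_string($post['email'] ?? null) ? trim($post['email']) : '';
    $message = is_string($post['message'] ?? null) ? trim($post['message']) : '';
    $errors  = [];
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'invalid email';
    }
    if ($message === '' || strlen($message) > 2000) {
        $errors[] = 'message must be 1-2000 bytes';
    }
    return [['email' => $email, 'message' => $message], $errors];
}
// Returns [HTTP status, HTML body] for one submission.
function handle_post(array $server, array $post): array
{
    if (!is_https($server)) {
        return [403, 'HTTPS required'];
    }
    // enctype only sets this header; PHP fills $_POST the same way for both values.
    $type = strtolower(trim(explode(';', (string) ($server['CONTENT_TYPE'] ?? ''))[0]));
    if (!in_array($type, ['application/x-www-form-urlencoded', 'multipart/form-data'], true)) {
        return [415, 'Unsupported content type'];
    }
    [$clean, $errors] = validate_contact($post);
    if ($errors) {
        return [422, e(implode('; ', $errors))];
    }
    return [200, '<p>From ' . e($clean['email']) . ': ' . e($clean['message']) . '</p>'];
}

// Constructed sample request; in a real page pass $_SERVER and $_POST instead.
print_r(handle_post(
    ['HTTPS' => 'on', 'CONTENT_TYPE' => 'multipart/form-data; boundary=x'],
    ['email' => 'user@example.com', 'message' => '<script>alert(1)</script>']
));
```

Run from the command line, the sample prints status 200 with the message's angle brackets encoded as entities; changing `HTTPS` to `off` returns 403 regardless of the enctype.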