how to post data safely via web form

Dear Experts,

Which one is more secure to post data for an HTML form?

<form  method="post" >

or

<form  method="post" enctype="multipart/form-data" >

or anything you suggest?

I use PHP and HTML
BRMarketing Asked:
 
Kimputer Commented:
Anything you post is not safer unless it's really encrypted. Therefore, it's not about your POST code, it's about if it's travelling over HTTP or HTTPS.
1
 
BRMarketing (Author) Commented:
Is it safer to use it like this?

<form method="post" enctype="application/x-www-form-urlencoded">
0
 
BRMarketing (Author) Commented:
Let me say that my link is https, and I use the post method.
0
 
Kimputer Commented:
If you use https, it doesn't really matter what POST method you use.
2
 
David Favor (Linux/LXD/WordPress/Hosting Savant) Commented:
As Kimputer said. Your level of safety depends on your SSL cert + SSL Webserver config.

https://www.ssllabs.com/ssltest/ will give you an overview of quality of your SSL setup.

https://www.ssllabs.com/ssltest/ has been providing free + strong certs for years, so for me, I only setup HTTPS sites at this point.

If a client asks me to host a non-HTTPS site, I send them away.

HTTPS is your friend. Make HTTPS one of your first site setup steps + all your over the wire conversations will be secure.
1
 
Dave Baldwin (Fixer of Problems) Commented:
<form method="post" enctype="application/x-www-form-urlencoded">  is not about safety.  File uploads and some other forms require that to work properly.
1
 
Scott Fell, EE MVE (Developer & EE Moderator) Commented:
To add clarity, the encrypt type is not about encryption.  

https://developer.mozilla.org/en-US/docs/Learn/HTML/Forms/Sending_and_retrieving_form_data

This attribute lets you specify the value of the Content-Type HTTP header included in the request generated when the form is submitted. This header is very important because it tells the server what kind of data is being sent. By default, its value is application/x-www-form-urlencoded. In human terms, this means: "This is form data that has been encoded into URL parameters."

Then, as Dave mentioned, if you want to upload a file, you would use multipart/form-data.

Then others have mentioned that using https is the way to go over http. That is also correct.

However, what has been left out is accepting data and mitigating Cross Site Scripting https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet and accepting clean data. It does not matter if you are using https or not, accepting bad data can be harmful to your app and database.  Both of these would warrant their own question threads.
1
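
The point made in this thread, that enctype only selects the request body format and does not encrypt anything, can be checked by building both bodies by hand. This is an added example, not code from any participant; it uses Python only to show the wire format (the result is the same whatever the server language), and the field names and values are constructed.

```python
# Added example: constructed form fields, not taken from the thread.
import uuid
from urllib.parse import urlencode, parse_qs

FIELDS = {"username": "alice", "password": "S3cret pass&word"}  # constructed sample


def encode_urlencoded(fields):
    """Body sent for enctype="application/x-www-form-urlencoded"."""
    body = urlencode(fields).encode("utf-8")
    return "application/x-www-form-urlencoded", body


def encode_multipart(fields, boundary=None):
    """Body sent for enctype="multipart/form-data" (text fields only)."""
    boundary = boundary or uuid.uuid4().hex
    parts = []
    for name, value in fields.items():
        parts.append(
            f"--{boundary}\r\n"
            f'Content-Disposition: form-data; name="{name}"\r\n'
            "\r\n"
            f"{value}\r\n"
        )
    parts.append(f"--{boundary}--\r\n")
    return f"multipart/form-data; boundary={boundary}", "".join(parts).encode("utf-8")


def recover_password(content_type, body):
    """Read the password back from a raw body, as any on-path reader of plain HTTP could."""
    text = body.decode("utf-8")
    if content_type.startswith("application/x-www-form-urlencoded"):
        return parse_qs(text)["password"][0]
    boundary = content_type.split("boundary=", 1)[1]
    for part in text.split(f"--{boundary}"):
        headers, sep, value = part.partition("\r\n\r\n")
        if sep and 'name="password"' in headers:
            return value[:-2] if value.endswith("\r\n") else value
    raise KeyError("password")


if __name__ == "__main__":
    for encode in (encode_urlencoded, encode_multipart):
        ctype, body = encode(FIELDS)
        print(ctype, "->", recover_password(ctype, body))
```

Both encodings give the password back unchanged, so confidentiality in transit comes only from the TLS layer that HTTPS adds around the whole request.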
Question has a verified solution.
