浅谈php表单提交中enctype属性

浅谈php表单提交中enctype属性

3318发表于2016-01-15

实际项目中,form表单的enctype属性设置成了“text/plain”,$_POST[]取值取不到。解决方法是删除该属性,或者设置为其他的另外两种属性值。遇到的问题,记录在此。

这里再来熟悉一下php中form表单中enctype属性的设置。

form表单中的enctype属性指定将数据发回到服务器时浏览器使用的编码类型。
下面是取值说明:
multipart/form-data: 窗体数据被编码为一条消息,页上的每个控件对应消息中的一个部分,不对字符编码。当使用有文件上传控件的表单时,该值是必需的。。
application/x-www-form-urlencoded: 窗体数据被编码为名称/值对。这是标准的编码格式。在发送前对所有字符进行编码(默认)。
text/plain: 窗体数据以纯文本形式进行编码,其中不含任何控件或格式字符,邮件处理中用到,其他地方很少用。将空格转换为 "+" 符号,但不编码特殊字符。抓包可见数据形式。

说明:

1)如果表单中有文件要上传,表单中form标签必须设置enctype="multipart/form-data"来确保匿名上传文件的MIME编码。默认情况下,表单的编码格式是 application/x-www-form-urlencoded,不能用于文件上传;

2)进行session处理时,如果将表单设置enctype="text/plain",则通过$_POST,$_GET,$_REQUEST等是无法取到值的。这点一定要小心!!!

对于三种类型的进一步解释,实质参考如下:

enctype defines how the data should be formatted before sending. the two correct formats are application/x-www-form-urlencoded (which essentially sends things as key=valye&anotherkey=anothervalue, with http headers) and multipart/form-data (which splits each key up into a distinct section of data). text/plain means nothing should be done - its behaviour is essentially undefined between browsers, and was only ever used for automated email forms in the days before spam. use application/x-www-form-urlencoded for text forms (or leave this to use the default setting) and multipart/form-data for file attachment uploads


text/plain:

Content-Type: text/plain  
================================================================================  
foo=bar  
baz=The first line.  
The second line.  


application/x-www-form-urlencoded:

Content-Type: application/x-www-form-urlencoded  
================================================================================  
foo=bar&baz=The+first+line.%0D%0AThe+second+line.%0D%0A  


multipart/form-data:

Content-Type: multipart/form-data; boundary=---------------------------314911788813839  
================================================================================  
-----------------------------314911788813839  
Content-Disposition: form-data; name="foo"  
  
bar  
-----------------------------314911788813839  
Content-Disposition: form-data; name="baz"  
  
The first line.  
The second line.  
  
-----------------------------314911788813839--

you can see how the first one is useful for passing values UNCHECKED directly into an email program (e.g. if your form uses a mailto: address, so it uses your visitor's email program to send) but is largely useless for programmatic access to fields. only the bottom 2 examples are valid for actual form-based form data


小编蓝狐