<form enctype="multipart/form-data"> why not always use this form-type?

carsten888

9:51 am on Oct 31, 2007 (gmt 0)

10+ Year Member



Is there a reason not to use the:
enctype="multipart/form-data"
in a form, if you are not using it for an upload?

In an application I'm making, sometimes the form contains uploads, but most of the time not. So I have to make a switch for this form property: when there is an upload, it should have the above code. To make this switch is a hassle, so I'm wondering if there is a reason (security-wise) for not using the full
<form name="formname" method="post" action="jajaja.php" enctype="multipart/form-data">
for all forms, also the ones not having uploads?

tedster

4:08 pm on Oct 31, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I'm not a total ace on this, but using enctype="multipart/form-data" creates both a binary and an ascii upload, so there's a doubling of the traffic. I'm not aware of any other issues. However, it seems to me that allowing binary uploads may create some security concerns. I've never been enough of a hacker to know for sure about those things.

[edited by: tedster at 9:38 pm (utc) on Oct. 31, 2007]

HOTmike

5:35 pm on Oct 31, 2007 (gmt 0)

10+ Year Member



I always use "multipart/form-data" for method="post" forms. If that generates a bit more traffic for headers and stuff, so be it: form submissions are a small enough percentage of the queries that it makes little difference.
Security issues, if any, with binary form data should be handled server-side. Since forms are not subject to 'same origin' policy, any site can send binary form data to the server, so it makes little sense to spend resources enforcing security in the HTML documents.
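
The server-side handling described in the post above, as an added example that is not part of the original thread: the handler applies its own per-endpoint policy to whatever body arrives, so a file part is rejected where no upload is expected, whichever enctype the HTML form declared. The endpoint names, the size limit and the sample body are assumptions constructed for illustration.

```python
from email.parser import BytesParser
from email.policy import HTTP
from urllib.parse import parse_qs

MAX_FILE_BYTES = 1024  # assumed limit for this example
# Hypothetical endpoints: accepted text fields and accepted file fields.
POLICY = {
    "/admin/rename": {"fields": {"title"}, "files": set()},
    "/admin/upload": {"fields": {"title"}, "files": {"attachment"}},
}
# Constructed sample: a multipart body carrying a text field and a file part.
CT = "multipart/form-data; boundary=XB"
SAMPLE = (b'--XB\r\nContent-Disposition: form-data; name="title"\r\n\r\nHello\r\n'
          b'--XB\r\nContent-Disposition: form-data; name="attachment"; '
          b'filename="a.gif"\r\n\r\nGIF89a\r\n--XB--\r\n')

def parse_form(content_type, body):
    """Return (fields, files) from a urlencoded or multipart POST body."""
    fields, files = {}, {}
    if content_type.startswith("application/x-www-form-urlencoded"):
        pairs = parse_qs(body.decode("utf-8"), keep_blank_values=True)
        fields = {k: v[0] for k, v in pairs.items()}
    elif content_type.startswith("multipart/form-data"):
        # Prepend the header so the MIME parser can find the boundary.
        head = b"Content-Type: " + content_type.encode() + b"\r\n\r\n"
        msg = BytesParser(policy=HTTP).parsebytes(head + body)
        for part in msg.iter_parts():
            name = part.get_param("name", header="content-disposition")
            data = part.get_payload(decode=True)
            if part.get_filename() is not None:
                files[name] = (part.get_filename(), data)
            else:
                fields[name] = data.decode("utf-8")
    else:
        raise ValueError("unsupported content type")
    return fields, files

def check_request(path, content_type, body):
    """Apply the endpoint's own policy; return (ok, reason)."""
    rule = POLICY[path]
    try:
        fields, files = parse_form(content_type, body)
    except ValueError as exc:
        return False, str(exc)
    if set(fields) - rule["fields"]:
        return False, "unexpected field"
    if set(files) - rule["files"]:
        return False, "unexpected file part"
    if any(len(data) > MAX_FILE_BYTES for _, data in files.values()):
        return False, "file too large"
    return True, "ok"
```

The same SAMPLE body passes at the hypothetical upload endpoint and is refused at the rename endpoint, because the decision rests on the server's policy and not on the form markup.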

rocknbil

7:39 pm on Oct 31, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Agreed, it's just extra overhead and is probably insignificant.

However, the server-side is where you can save a few bytes.

A multipart form can contain any data type in its multiple parts: text, binary, whatever. These are determined when it's parsed out.

To parse out a multipart form, you usually need a bit more programming to do the grunt work. In perl, this is done using the CGI module, which contains a LOT of other code and functions.

If file upload is the only use you have for multipart forms, it's just extra weight to carry around for every request to your programs that aren't parsing out multipart input. It's a matter of economy: for forms that don't use a multipart, I use a more compact read/parse routine.

carsten888

8:34 am on Nov 1, 2007 (gmt 0)

10+ Year Member



Thanks for the replies. The form is in an admin-page (behind a login) which I expect not to be used so terribly much, so I go with the one-form-tag-fits-all-option.