HTML forms

In HTML, forms are areas delimited by a <form> tag, containing text input boxes, buttons, check boxes, and other features of a graphical user interface. Forms are used by web applications to allow users to provide data to be sent to the server.

In a form, the elements with which users can interact to provide data are known as form fields. Each form field is given a name in the HTML, which identifies it to the server application, but is not visible to the user.

Although the various elements of a form appear different to the user, they all transmit information to the server application as a series of name and value pairs, separated by & characters. Each name is the name of a form field, and the value is the data produced by the user's actions. For example, here is a form with two text input boxes for a user to enter first and last name: 
firstname=Maria&lastname=Smith
The form data is transmitted to the server in one of two ways, depending on which method (GET or POST) is specified in the <form> tag:
  • When the method is GET, the form data is transmitted in a query string in the URL.
  • When the method is POST, the form data is transmitted in the message body.

The character set that is required for encoding the form data is specified by the CHARACTERSET option, and must match the forms encoding determined by the corresponding HTML form. See How the client encoding is determined for more information.

Form data is normally transmitted with special characters escaped. Reserved and excluded characters explains the purpose of escaping.

If the form is defined with the GET method, because the data is sent as a query string in the URL, reserved or excluded characters must always be escaped.

If the form is defined with the POST method, the data is sent in the message body. However, as defined in the HTML 2.0 specification, the default encoding type for all forms is application/x-www-form-urlencoded. See https://www.w3.org/MarkUp/html-spec/html-spec_8.html#SEC8.2.1. When this encoding is used for a form with the POST method, although the data is sent in the message body, reserved or excluded characters are escaped, as they would be if they were in a URL.

If the alternative encoding type multipart/form-data is specified for the form (which is done using the ENCTYPE attribute on the HTML <form> tag), non-ASCII characters in field names must be escaped, but non-ASCII characters in field values do not need to be escaped. The data is also presented in a series of individual sections in the message body. Older applications might not support this encoding. CICS® does support it. The multipart/form-data encoding is described in the Internet Society and IETF Request for Comments document RFC 1867, Form-based File Upload in HTML (https://www.ietf.org/rfc/rfc1867.txt).