When an HTML form includes file uploads, the browser uses a different content type. In this case, Content-Type: multipart/form-data is used. When Content-Type: multipart/form-data is used, a boundary specifier is included. This boundary is a special delimiter, set by the sender, which separates parts of the submitted form data.
Consider the following HTML form:
<form method="post" enctype="multipart/form-data" action="/submit.php">
<input name="name" type="text"><br>
<input name="comment" type="text"><br>
<input name="file" type="file"><br>
<input type="submit" value="submit">
</form>
If the user navigates to a web page bearing the HTML form from the preceding code, and enters the name Alice, the comment Well Done!, and selects a file to upload called upload.txt, then the following HTTP POST request could be sent by the browser:
POST /submit.php HTTP/1.1
Host: example.com
Content-Type: multipart/form-data; boundary=-----------233121195710604
Content-Length: 1727
-------------233121195710604
Content-Disposition: form-data; name="name"
Alice
-------------233121195710604
Content-Disposition: form-data; name="comment"
Well Done!
-------------233121195710604
Content-Disposition: form-data; name="file"; filename="upload.txt"
Content-Type: text/plain
Hello.... <truncated>
As you can see, when using multipart/form-data, each section of data is separated by a boundary. This boundary is what allows the receiver to delineate between separate fields or uploaded files. It is important that this boundary is chosen so that it does not appear in any submitted field or uploaded file!