I've created a test form that uses IF.. ELSE to validate data in a simple form. This works ok and any validation messages or errors are posted to the same page (userform.php) to inform the user of success or otherwise.

What I want to do now is take the user to a different page on successful completion of the form. Here's my code so far:

<?php
if (isset($_POST['email'], $_POST['password'])) {
$errors = array ();

$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST ['email'];
$password = $_POST ['password'];


if (empty ($firstname) || empty ($lastname) || empty ($email) || empty ($password)) {
$errors [] = "Please complete the form";
}
if (empty($ema开发者_运维技巧il)) {
$errors [] = "You must enter an email address";
}
if (empty($password)) {
$errors [] = "You must enter a password";
}
if (filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE){
$errors[] = "Please enter a valid email address";
}
}
if (!empty ($errors)) {
foreach ($errors as $error) {
echo '<strong>', $error ,'</strong><br />';
$result = "userform.php";
 }
} else {
$result = "confirm.php";
}
?>
<form action="<?php echo $result ?>" method="post">

The idea is that the users success or otherwise in completing the form changes the $result variable which is used in the form action. The above code doesn't work, so how would I do it? Is it even possible?

instead of "form action=" at the bottom:

<?php
include($result);
?>

As I understand it you want it to work like so:

1. User fills form
2. User submits form
3. Form submission goes to userform.php
   1. If all values validate, continue to confirm.php
   2. If not, return to userform.php

If that's the case, I don't think you want to change the form action: that would require that the user re-submit the form. Instead, use a HTTP redirect to send them to confirm.php:

header("Location: confirm.php");

... or if you wanna be really by-the-book about it:

header("Status: 303 See Other");
header("Location: http://exampel.com/confirm.php"); // according to the protocol,
                                                    // `Location` headers should be full URLs

<?php
/* ... */
if (!empty ($errors)) {
    foreach ($errors as $error) {
        echo '<strong>', $error ,'</strong><br />';
     }
     ?>
         <form action="userform.php" method="post">
     <?php
} else {
    header("Location: confirm.php");
    // if you need to pass additional information to confirm.php, use a query string:
    // header("Location: confirm.php?var1=".$var1);
}
?>

The way you're doing it now, will redirect the user to confirm.php if they submit the form for a second time. You could change your code to this:

} else {
    // $result = "confirm.php";
    header("Location: confirm.php");
    exit();
}

That way, if everything has been entered, the user will be redirected to confirm.php. But what do you do with the variables if everything is allright? They won't be taken to the new page.

} else {
   $result = confirm.php;

   foreach($_POST as $key => $val){
     $input.="<input type='hidden' name='$key' value='$val' />";
   }

   $form = "<form method='post' name='confirm' action='confirm.php'>".$input."</form>";
   $script = "<script type='text/javascript'>document.confirm.submit();</script>";

   echo $form.$script;
}

empty ($errors) 

will ALWAYS return empty. That's why you always get: $result = 'confirm.php';

Check return values here

Also, I don't think you can do this easily. Instead, why don't you just create a check.php or whatever to check the variables/check for errors, etc. Then do whatever you want (redirect back to the form-filling page or proceeding to confirm.php page.

The whole idea is wrong. You have to fix 2 issues in your code.

1. A major one. Learn to properly indent nested code blocks!

It's impossible to read such an ugly mass with no indents.

2. A minor one.

I see no use of confirmation page here. What are you gonna do on that page? And from where you're going to get form values?

It seems you have to either use just simple Javascript code to show a confirmation or store entered data into session

And, I have to say, that show a confirmation page for simply a feedback form is quite uncommon practice.

So, I think you really need only one form action and only thing to ccare is properly filled form

<?  
if ($_SERVER['REQUEST_METHOD']=='POST') {  
  $firstname = $_POST['firstname'];
  $lastname = $_POST['lastname'];
  $email = $_POST ['email'];
  $password = $_POST ['password'];

  $errors = array();
  if (empty ($firstname) || empty ($lastname) || empty ($email) || empty ($password)) {
    $errors [] = "Please complete the form. All fields required.";
  }
  if (filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE){
    $errors[] = "Please enter a valid email address";
  }    
  if (!$errors) {  
    // do whatever you wish to this data
    // and then redirect to whatever address again
    // the current one is a default
    header("Location: ".$_SERVER['PHP_SELF']);
    exit;
  }  else {
    // all field values should be escaped according to HTML standard
    foreach ($_POST as $key => $val) {
      $form[$key] = htmlspecialchars($val);
    }
} else {
  $form['fiestname'] = $form['lasttname'] = $form['email'] = $form['password'] = '';  
}
include 'form.tpl.php';
?>  

while in the form.tpl.php file you have your form fields, entered values and conditional output of error messages

<? if ($errors): ?>
  <? foreach($errors as $e): ?>
<div class="err"><?=$e?></div>
  <? endforeach ?>
<? endif ?>
<form method="POST">
  <input type="text" name="firstname" value=<?=$form['firstname']>

... and so on