We created a simple tool for asking quick questions and getting extremely fast answers to that question. The generated url for the question is easily shareable.<p>We would love some feedback on our project so we can improve it and make it even more fun and simple to use.<p>The url is http://fastask.it<p>Thanks in advance!
You forgot to escape your HTML output.<p><a href="http://fastask.it/%3Cscript%3Ealert%28%22asdf%22%29;%3C/script%3E" rel="nofollow">http://fastask.it/%3Cscript%3Ealert%28%22asdf%22%29;%3C/scri...</a><p>Also, there are SQL injections too:<p><a href="http://fastask.it/%27" rel="nofollow">http://fastask.it/%27</a><p><a href="http://fastask.it/%27%20OR%201=1;--" rel="nofollow">http://fastask.it/%27%20OR%201=1;--</a><p>And you can vote more than once, because there's no server-side check: (ignore the question text)<p><a href="http://fastask.it/register_votephp" rel="nofollow">http://fastask.it/register_votephp</a><p>Also, including a slash in a question (like "Red is good, yes/no") breaks your layout due to relative paths:<p><a href="http://fastask.it/a/b" rel="nofollow">http://fastask.it/a/b</a><p>The maximum length of questions is also only validated on the client. This question is longer than the normally allowed length:<p><a href="http://fastask.it/asdf-asdf-asdf-asdf-asdf-asdf-asdf-asdf-asdf-asdf-asdf-asdf-asdf-asdf-324234324432432324432234234" rel="nofollow">http://fastask.it/asdf-asdf-asdf-asdf-asdf-asdf-asdf-asdf-as...</a><p>Your server side cuts off too-long questions at some point too; this was originally 8kb of periods, plus the string "8kb":<p><a href="http://fastask.it/8kb" rel="nofollow">http://fastask.it/8kb</a><p>I think it's now 225 periods, so that might be the size of your "ask" column in the question table.<p>Also, if you click a vote button really fast you can vote multiple times (until a request success callback is called and the button is faded away).<p>Also, the "No" button seems to have stopped disabling itself entirely, at least for me.<p>You should probably read up on prepared statements for MySQL, on input sanitizing, and on security in general :)<p>In terms of the non-technical side: I had no idea what was going to happen after I clicked "Create". If you promise Instant answers, why would the button be named "Create" and not "Answer"? 
But the questions are not answered <i>Instantly</i>, so I would remove that term from your entire site.<p>I'd term it "polling" instead of "asking a question"/getting "answers" as well, since it's just yes/no. And what use-cases do you have in mind? If it's for group emails or quick polls or whatever, perhaps add a comment box for responses that are more than just yes or no.
Hi<p>I think it should say get instant yes/no answers to simple questions.<p>A border round the input box might be worthwhile, but I am old school!<p>Good luck with it!
If you type a "?" in the textbox it generates the following link: "<a href="http://fastask.it/"" rel="nofollow">http://fastask.it/"</a>.
I think that if the question has no printable characters (?, space, enter) you should behave as if no answer is entered.<p>What do you think?
<a href="http://fastask.it/%3Cscript%3Ealert%28'test'%29;%3C/script%3E" rel="nofollow">http://fastask.it/%3Cscript%3Ealert%28'test'%29;%3C/script%3...</a><p>This link is throwing a PDO exception and has exposed your server path, which is potentially dangerous.
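The two comments above (the long bug list, and the PDO exception that leaks the server path) describe the same handful of server-side gaps: output is not escaped, question text is concatenated into SQL, the length limit and the one-vote rule exist only in browser JavaScript, asset paths are relative, and database errors are echoed to the visitor. The following PHP/PDO sketch is an added example, not code from fastask.it or from either commenter; it shows how each of those points is closed on the server. It assumes an in-memory SQLite database (the same PDO calls work against MySQL), a `voter_token` that the application has already issued per visitor (cookie or session, not shown), a `/static/style.css` path, and the 225-character column size that the thread infers from the truncation.

```php
<?php
// Added example, not fastask.it's code: a server-side backend for a yes/no poll that
// closes the bug classes reported in the thread (unescaped output, SQL injection,
// client-only length check, repeat voting, relative asset paths, leaked exception text).
// Uses an in-memory SQLite database through PDO so it runs offline; the same PDO calls
// work against MySQL, which is the database the thread is about.
declare(strict_types=1);

const MAX_QUESTION_LEN = 225; // assumption: the "ask" column size inferred in the thread

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE question (id INTEGER PRIMARY KEY AUTOINCREMENT, ask TEXT NOT NULL)');
    // One row per (question, voter). The primary key is the server-side "already voted"
    // check: a second insert for the same voter fails inside the database, no matter how
    // fast the button was clicked or whether the request was replayed by hand.
    $db->exec('CREATE TABLE vote (
        question_id INTEGER NOT NULL,
        voter_token TEXT NOT NULL,
        answer INTEGER NOT NULL CHECK (answer IN (0, 1)),
        PRIMARY KEY (question_id, voter_token))');
    return $db;
}

function create_question(PDO $db, string $ask): int
{
    // Validate on the server; the browser-side check can be skipped with a hand-built request.
    $ask = trim($ask);
    if ($ask === '' || strlen($ask) > MAX_QUESTION_LEN) {
        throw new InvalidArgumentException('question must be 1..' . MAX_QUESTION_LEN . ' bytes');
    }
    // Bound parameter instead of string concatenation: a quote or "OR 1=1;--" in the
    // question is stored as text and never parsed as SQL.
    $stmt = $db->prepare('INSERT INTO question (ask) VALUES (:ask)');
    $stmt->execute([':ask' => $ask]);
    return (int) $db->lastInsertId();
}

function load_question(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT ask FROM question WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $ask = $stmt->fetchColumn();
    return $ask === false ? null : (string) $ask;
}

// Returns true when the vote was recorded, false when this voter had already voted.
function register_vote(PDO $db, int $questionId, string $voterToken, bool $yes): bool
{
    $stmt = $db->prepare('INSERT INTO vote (question_id, voter_token, answer) VALUES (:q, :v, :a)');
    try {
        $stmt->execute([':q' => $questionId, ':v' => $voterToken, ':a' => $yes ? 1 : 0]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE 23000 is "integrity constraint violation" in both SQLite and MySQL:
        // here it means a duplicate (question, voter) row, i.e. a repeat vote.
        if ((string) $e->getCode() === '23000') {
            return false;
        }
        throw $e;
    }
}

function render_question(PDO $db, int $id): string
{
    $ask = load_question($db, $id);
    if ($ask === null) {
        return '<p>No such question.</p>';
    }
    // Escape at output time: <, >, " and ' in the question become text, not markup.
    $safe = htmlspecialchars($ask, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    // Absolute asset path (assumed location), so a "/" inside the question such as
    // "yes/no" cannot change where the browser resolves the stylesheet from.
    return "<link rel=\"stylesheet\" href=\"/static/style.css\">\n<h1>$safe</h1>\n";
}

// The page handler never echoes exception text to the visitor: PDO messages can carry
// file paths and SQL fragments. They go to the server log instead.
function handle_request(PDO $db, int $id): string
{
    try {
        return render_question($db, $id);
    } catch (Throwable $e) {
        error_log('poll error: ' . $e->getMessage());
        return '<p>Something went wrong. Please try again.</p>';
    }
}

// Demo with constructed input that combines the payloads from the thread.
$db = open_db();
$id = create_question($db, "Red is good, yes/no? ' OR 1=1;-- <script>alert(\"x\")</script>");
echo handle_request($db, $id);
echo register_vote($db, $id, 'voter-A', true) ? "vote recorded\n" : "already voted\n";
echo register_vote($db, $id, 'voter-A', true) ? "vote recorded\n" : "already voted\n";
```

Run it with `php poll.php` (pdo_sqlite is bundled with most PHP builds). The design point is that each rule lives where it can't be bypassed: the vote limit is a database key rather than a faded-out button, the length limit is checked before the INSERT rather than only in the form, and escaping happens when the text is rendered rather than when it is stored, so the stored question stays intact while the page stays inert.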
It's very simple. But your description is unclear:
>a simple tool for asking quick questions and getting extremely fast answers to that question.<p>It's really a tool for creating and sharing simple yes/no polls.