

Please review my project - andrewoons

We created a simple tool for asking quick questions and getting extremely fast answers to that question. The generated URL for the question is easily shareable.

We would love some feedback on our project so we can improve it and make it even more fun and simple to use.

The URL is http://fastask.it

Thanks in advance!
======
computer
You forgot to escape your HTML output.

[http://fastask.it/%3Cscript%3Ealert%28%22asdf%22%29;%3C/scri...](http://fastask.it/%3Cscript%3Ealert%28%22asdf%22%29;%3C/script%3E)

Also, there are SQL injections too:

[http://fastask.it/%27](http://fastask.it/%27)

[http://fastask.it/%27%20OR%201=1;--](http://fastask.it/%27%20OR%201=1;--)

And you can vote more than once, because there's no server-side check: (ignore
the question text)

[http://fastask.it/register_votephp](http://fastask.it/register_votephp)

Also, including a slash in a question (like "Red is good, yes/no") breaks your
layout due to relative paths:

[http://fastask.it/a/b](http://fastask.it/a/b)

The maximum length of questions is also only validated on the client. This
question is longer than the normally allowed length:

[http://fastask.it/asdf-asdf-asdf-asdf-asdf-asdf-asdf-asdf-as...](http://fastask.it/asdf-asdf-asdf-asdf-asdf-asdf-asdf-asdf-asdf-asdf-asdf-asdf-asdf-asdf-324234324432432324432234234)

Your server side also cuts off questions that are too long at some point; this
was originally 8kb of periods, plus the string "8kb":

[http://fastask.it/8kb](http://fastask.it/8kb)

I think it's now 225 periods, so that might be the size of your "ask" column
in the question table.

Also, if you click a vote button really fast you can vote multiple times
(until a request success callback is called and the button is faded away).

Also, the "No"-button seems to have stopped disabling itself entirely, at
least for me.

You should probably read up on prepared statements for MySQL, on input
sanitizing, and on security in general :)

In terms of the non-technical side: I had no idea what was going to happen
after I clicked "Create". If you promise instant answers, why would the button
be named "Create" and not "Answer"? But the questions are not answered
_instantly_, so I would remove that term from your entire site.

I'd term it "polling" instead of "asking a question"/getting "answers" as
well, since it's just yes/no. And what use-cases do you have in mind? If it's
for group emails or quick polls or whatever, perhaps add a comment box for
responses that are more than just yes or no.

------
maddisc2
Hi

I think it should say get instant yes/no answers to simple questions.

A border round the input box might be worthwhile, but I am old school!

Good luck with it!

------
jsegura
If you type a "?" in the textbox it generates the following link:
"[http://fastask.it/"](http://fastask.it/"). I think that if the question has
no printable characters (?, space, enter) you should behave as if no question
was entered.

What do you think?

------
v08i
[http://fastask.it/%3Cscript%3Ealert%28'test'%29;%3C/script%3...](http://fastask.it/%3Cscript%3Ealert%28'test'%29;%3C/script%3E)

This link is throwing a PDO exception and has exposed your server path, which
is potentially dangerous.
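The fixes that computer's review above asks for (prepared statements instead of string-built SQL, escaping on output, server-side length validation, a server-side one-vote check) together with v08i's point about not letting PDO exceptions reach the browser, as an added example in PHP/PDO. This is not fastask.it's code: the DSN, the `questions`/`votes` table and column names, the 225-character limit (the reviewer's guess) and the cookie-style voter token are all assumptions.

```php
<?php
// Added example, not the reviewed site's code. Assumed schema:
//   questions(id, slug, ask)   votes(question_id, voter_token, answer)
//   with UNIQUE KEY (question_id, voter_token) on votes.
declare(strict_types=1);

ini_set('display_errors', '0');   // never print exceptions (paths, SQL) to the client
const MAX_QUESTION_LEN = 225;     // assumed column size; enforce it here, not only in JS

function connect(): PDO
{
    // Assumed DSN and credentials. ERRMODE_EXCEPTION makes failures loud;
    // EMULATE_PREPARES=false uses real server-side prepared statements.
    return new PDO('mysql:host=localhost;dbname=fastask;charset=utf8mb4', 'app', 'secret', [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// VULNERABLE (the pattern the review found): the URL slug is pasted into SQL,
// so /%27%20OR%201=1;-- arrives as  ' OR 1=1;--  and rewrites the query.
function loadQuestionUnsafe(PDO $pdo, string $slug): ?array
{
    $row = $pdo->query("SELECT id, ask FROM questions WHERE slug = '$slug'")->fetch();
    return $row === false ? null : $row;
}

// FIXED: the slug is bound as a value and can never alter the query structure.
function loadQuestion(PDO $pdo, string $slug): ?array
{
    $stmt = $pdo->prepare('SELECT id, ask FROM questions WHERE slug = :slug');
    $stmt->execute([':slug' => $slug]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Server-side validation: reject empty/whitespace-only text and anything over
// the column size, instead of letting MySQL silently truncate 8kb to 225 bytes.
function validateQuestion(string $text): string
{
    $text = trim($text);
    if ($text === '' || mb_strlen($text, 'UTF-8') > MAX_QUESTION_LEN) {
        throw new InvalidArgumentException('question must be 1..' . MAX_QUESTION_LEN . ' characters');
    }
    return $text;
}

// Output escaping: <script>alert("asdf");</script> is rendered as text, not run.
// (Asset links should also be absolute, e.g. /style.css, so a slash in the
// question text does not break relative paths.)
function renderQuestion(array $q): string
{
    return '<h1>' . htmlspecialchars($q['ask'], ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</h1>';
}

// One vote per (question, voter): the UNIQUE KEY makes the check atomic, so a
// rapid double-click or a replayed POST fails on the second insert rather than
// counting twice. A voter token is only as strong as the way it is issued
// (assumed here: a random cookie), but the check now lives on the server.
function registerVote(PDO $pdo, int $questionId, string $voterToken, bool $yes): bool
{
    $stmt = $pdo->prepare(
        'INSERT IGNORE INTO votes (question_id, voter_token, answer) VALUES (:qid, :tok, :ans)'
    );
    $stmt->execute([':qid' => $questionId, ':tok' => $voterToken, ':ans' => $yes ? 1 : 0]);
    return $stmt->rowCount() === 1;   // 0 affected rows => duplicate vote, rejected
}

// Error boundary: log the detail (file, line, SQL state) server-side and show
// the client a generic message, so a PDOException never leaks the server path.
function handle(callable $action): void
{
    try {
        $action();
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo 'Invalid question.';
    } catch (Throwable $e) {
        error_log(get_class($e) . ': ' . $e->getMessage() . ' at ' . $e->getFile() . ':' . $e->getLine());
        http_response_code(500);
        echo 'Something went wrong.';
    }
}

// Usage (request handling for GET /<slug>):
handle(function (): void {
    $pdo = connect();
    $slug = $_GET['q'] ?? '';
    $q = loadQuestion($pdo, $slug);
    echo $q === null ? 'Not found.' : renderQuestion($q);
});
```

`INSERT IGNORE` plus the unique key is MySQL-specific; on another database use an equivalent upsert or catch the duplicate-key error. `mb_strlen` requires the mbstring extension; if character rather than byte length is not important, `strlen` against the column's byte size works too.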

------
lbr
It's very simple. But your description is unclear:

> a simple tool for asking quick questions and getting extremely fast answers to that question.

It's really a tool for creating and sharing simple yes/no polls.

------
known
Try [http://www.coverity.com/](http://www.coverity.com/)

------
ColinWright
Clickable: [http://fastask.it](http://fastask.it)

------
mattgecko
You should make it obvious that it needs to be a Yes or No answer question

~~~
jsegura
Totally agree

------
ryanshaun
[http://fastask.it/am-i-gay](http://fastask.it/am-i-gay)

