You forgot to escape your HTML output. http://fastask.it/%3Cscript%3Ealert%28%22asdf%22%29;%3C/scri...

Also, there are SQL injections too: http://fastask.it/%27 http://fastask.it/%27%20OR%201=1;--

And you can vote more than once, because there's no server-side check: (ignore the question text) http://fastask.it/register_votephp

Also, including a slash in a question (like "Red is good, yes/no") breaks your layout due to relative paths: http://fastask.it/a/b

The maximum length of questions is also only validated on the client. This question is longer than the normally allowed length: http://fastask.it/asdf-asdf-asdf-asdf-asdf-asdf-asdf-asdf-as...

Your server side cuts too-long questions off at some point too; this was originally 8kb of periods, plus the string "8kb": http://fastask.it/8kb I think it's now 225 periods, so that might be the size of your "ask" column in the question table.

Also, if you click a vote button really fast you can vote multiple times (until a request success callback is called and the button is faded away). Also, the "No" button seems to have stopped disabling itself entirely, at least for me.

You should probably read up on prepared statements for MySQL, on input sanitizing, and on security in general :)

In terms of the non-technical side: I had no idea what was going to happen after I clicked "Create". If you promise Instant answers, why would the button be named "Create" and not "Answer"? But the questions are not answered Instantly, so I would remove that term from your entire site. I'd term it "polling" instead of "asking a question"/getting "answers" as well, since it's just yes/no. And what use-cases do you have in mind? If it's for group emails or quick polls or whatever, perhaps add a comment box for responses that are more than just yes or no.
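The four server-side fixes the comment above asks for (output escaping, parameterized queries, a server-side length limit, and a one-vote-per-voter check that does not depend on the button being disabled), as an added example that is not the site's own code. It uses Python and an in-memory SQLite database in place of the site's PHP/MySQL; the table names, the 225-character limit and the `voter` key (a session or cookie id, assumed) are assumptions.

```python
import html
import sqlite3

# Assumed column width, based on the 225-period truncation observed in the comment.
MAX_ASK_LEN = 225


def init_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE question (id INTEGER PRIMARY KEY, ask TEXT NOT NULL);
        CREATE TABLE vote (
            question_id INTEGER NOT NULL REFERENCES question(id),
            voter TEXT NOT NULL,
            answer INTEGER NOT NULL CHECK (answer IN (0, 1)),
            PRIMARY KEY (question_id, voter)  -- one vote per voter, enforced by the database
        );
    """)
    return conn


def create_question(conn, ask):
    # Server-side length check: the client-side limit is advisory only.
    if not 0 < len(ask) <= MAX_ASK_LEN:
        raise ValueError("question length out of range")
    # Parameterized INSERT: the text is bound as data, so quotes and SQL
    # keywords in it are stored literally instead of being parsed as SQL.
    cur = conn.execute("INSERT INTO question (ask) VALUES (?)", (ask,))
    return cur.lastrowid


def register_vote(conn, question_id, voter, answer):
    # Duplicate votes are rejected here even if the client fires the request
    # twice before its success callback disables the button.
    try:
        conn.execute("INSERT INTO vote (question_id, voter, answer) VALUES (?, ?, ?)",
                     (question_id, voter, 1 if answer else 0))
        return True
    except sqlite3.IntegrityError:
        return False


def render_question(conn, question_id):
    row = conn.execute("SELECT ask FROM question WHERE id = ?", (question_id,)).fetchone()
    if row is None:
        return None
    # Escape on output: a stored <script> tag is displayed as text, not executed.
    return "<h1>%s</h1>" % html.escape(row[0], quote=True)


def tally(conn, question_id):
    row = conn.execute("SELECT SUM(answer), COUNT(*) FROM vote WHERE question_id = ?",
                       (question_id,)).fetchone()
    yes = row[0] or 0
    return yes, row[1] - yes
```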