Me Vs a PHP teacher

Him:
And to do login, we just do SELECT username WHERE password = (userinput)

Me:
Really? Checking raw userinput against plaintext password?

Him:
There is no point in doing it securely here because if they want, the students can go take a seperate course on security

Me:
So no point in teaching students that they should write their code secure by default and just leave it as a afterthought?

Him:
Yes, because this is how i have always done it

Me:
———

Him:
Okay, time for a break
*leaves room*

Me:
*Uses the break to teach all students about sql injection, password hash and salt, rainbow tables and user input sanitizing*

Him:
*comes back*

Students to teacher:
He's right, if you dont teach us to code securely by default, we are likely to end up causing a data leak or be hacked, if you dont teach us properly we have no point coming here

Me:
*Smiles at the teacher with a face that says: Pwnd*

Him:
Alright then, tell me whats wrong in my code

I was so proud that i helped the class understand secure by default principles

Are you serious? Are you afraid of an SQL injection or something, and instead of properly sanitizing your queries you disallow characters? Or is your software and database so outdated that you're afraid special characters will break it? Goodbye security

Let's get something straight people, the trend to change terms in programming languages for PC approved ones is NOT for "making the workplace a better place".

If you are one of those who say "oh it's just terms, if it makes them feel better why not?", "I don't care so should everybody else", "the outrage proves we need to change the terms!".

No sir, first of all, since when has programming been about ditching standards to make people "feeel" better? Since when has engineering been about that?! We are engineers, we don't change shit and waste effort trying to fix things that are working.

Second, this word cleansing does NOT come from a well intentioned one, it's not about making the workplace a better place, it's not about minorities, it's about sanitizing language from an ideological and political standpoint to please an agenda pushing minority who doesn't give a shit about any real social issues.

They have done it to movies, videogames, news, political speech, magazines, books and now programming. It doesn't stop and they will never be satisfied, it's not about changing the terms, no one gives a shit about the terms, it's about pandering to ideological crybabies who want to control what you say because it "offends" them or some supposedly oppressed group from which we just hear anecdotal evidence.

Personally I wouldn't give a shit if it was for technical reasons, but it's not and I've seen what this shit does to communities I love and I won't stand it happening to the dev community just because some weak ass, no balls coders decided to pander to the retards on the far left to score virtue points instead of standing their ground.

Are you worried about oppressed groups? Donate money to third world children, speak out about women in Siria, travel to actual shitty 3rd world countries so you realize changing words on a GitHub repo on your expensive ass MacBook, sipping your soy based coffee on an office with air conditioning is not making the world a better place you delusional prick.

You want to ignore the facts be my guest, be willfully ignorant, but I will not police myself and my ideas for your ideological beliefs, not in gaming, not here. Fuck off.

To anyone that isn't sanitizing the input on their websites: I know where you live. You told me, remember?

Updating code for big client.

Find that they are not encrypting passwords in the database and are not sanitizing user input from forms.

Do not trust the user!

So, I just created an account on a premium objective information website. It basically sells access to several articles on laws and general "financial relevant subjects". It is important for my work and they have pretty strict password requirements, with minimum: 18 characters length, 2 HC, 2 LC, 2 special, 2 numbers.

Without thinking twice, openned Keepass and generated a 64 length password, used it, saved it. All's good. They then unlocked my access and... wrong password. I try again... wrong password.

Thinking to myself: "No, it can't be that, maybe I only copied a portion of the password or something, let me check on CopyQ to see what password I actually used."

Nope, the password is indeed correct.

Copy the first 32 characters of the password, try it... it works...

yeah, they limit password length to 32 characters and do not mention it anywhere ... and allow you to use whatever length you want... "Just truncate it, its fine"

Transforming company to school.

Fuckers still haven't taken any sanitizing and other hygiene measures.

Tl;Dr
Nothing much yet

so i did this nice tool with data structures, dynamic ui composing, input sanitizing, modularity and scalability with tidy and efficient javascript and useful css.

showing it to my boss: "cool what you can do with html". WAT?

(he is not a programmer but knows i´m into web-programming)

I heard I should not allow users to inject arbitrary text into my webpage without sanitizing it. Is it a clean solution to just eval it on the (node) server, and if it runs not post it because it's obviously JS and not just text?
Any opinions on that?