Complaint Review: Leon Williams - London

As of July, 2015, Leon Williams claims to be completing his dissertation towards a web development degree from SAE Institute, London, accredited by Middlesex University.  He may indeed complete his degree, but do not trust in his competence. He claimed that he was capable and experienced in developing a PHP platform website; he was neither capable nor experienced.  He took my money upfront towards the development of a website and subsequently provided a website that he knew did not function at all on any machine but his own (and even then was unreliable).  He claimed that his work was of a high standard and that "bugs" were to be expected, although he had no intention of fixing the "bugs" that he was responsible for.

When presented with a threat of lawsuit, he signed an admission that he provided unacceptable service, promising in writing that he would repay the fees I paid him, a total of 600 GBP.  With an agreed upon repayment plan, spaced out generously as to provide a practical opportunity to actually repay my money, he missed the first repayment due date without notice or explanation.  When contacted he replied that he no longer had any intention of repaying me since he provided me with a website. 

I explained that it was already a matter of stipulated fact that the website did not function and that he would repay me.  He responded that it was a "fact" that I didn't "know what I was talking about".  This was consistent with and indicative of his typically rude customer service throughout the development process.  I affirmed that I was serious about the lawsuit and he told me to "man up" and accept that he didn't have any money and that he wasn't going to be able to pay me back.

After reasserting my threat of a small claims court suit, he eventually returned to claiming his intention of paying me back once he finished his dissertation and became employed.  I have significant doubts about his employability and his intention of ever paying me back. He obviously cannot be trusted in business matters, but furthermore, he cannot be trusted to evaluate the quality of his own work.

His coding was evaluated by multiple experts, including his own teacher and two reputable industry professionals and was found to be well below industry standards.  Having demonstrated misunderstanding of basic online privacy security as well as justifying his sloppy coding as analogous to a programmer's "signature", he clearly lacks any capacity for professional accountability or self-relfection.  Some of the written evaluation of his coding from one industry professional is quoted below:

"database and smtp credentials are hard-coded in files within document root

many instances of database queries that are vulnerable to SQL injection attacks

pages are vulnerable to cross-site scripting attacks

no database abstraction layers: SQL queries are hard-coded and sprinkled all over the server-side scripts

messy code, redundant code, uncommented code: generally signs of new or hobby programmers who haven't built anything professionally

tried to use back-end scripting to handle front-end decisions, while avoiding front end packages and AJAX calls

fails to implement at all, or loosely implements, input sanitization and parameter binds (programmer's attempt to sanitize parameters in AccountController got a big laugh...)

includes remote bootstrap js and css files from separate servers and of different versions

php snippets throughout code make implementation messy, needlessly complex, and a nightmare to update, maintain, or pass off to another programmer

egregious use of hard-coded styling

writes passwords to database in plaintext; does not implement hash or salt.

poor or non-existent error handling; database errors echoed to response

This code strikes me as having been written by a new, self-taught, hobby programmer, who picked up coding practices by Googling code snippets from the web.  It's very messy and in some places outright dangerous.  PHP often gets a bad rap because people say it's a programming language that runs bad code very well.  This is a prime example of the code they're talking about.

The programmer does show understanding of some fundamental building blocks and algorithm, but lacks understanding of many critical concepts, particularly separation of style, content, and control; modularization; security; and front-end AJAX/XMLHttpRequests.  Programmer has generated a code base that would be painful to manage, debug, or transfer."

Do not risk the aggravation of working with this sadly incompetent, dishonest and rude young man.