I met a coder (via Twitter) when I was looking for someone to help me with some stuff. He had a great resume with buckets of experience listed on it. He was approx 35 so I believed the resume and he "talked the talk" as well as any coder I've ever met. As it turned out, he never did any work with me... but... an old friend of mine was looking for someone to help with his new site.

The site was a simple points/wallet system where you can earn points by filling out surveys and then download games using those points.

So, without thinking too much of it, I put the new coder buddy I had met via Twitter in touch with my old friend. My friend interviewed him and agreed that he looked like a great guy with lots of experience.

Anyway, he quoted 7 days' work at a cost of $2k to do the job.

Everything was fine, and he delivered about 80% of the site. Then my friend made the mistake of paying him the final 50% because he was happy with the work to date.

After this, the developer stopped work.

After which point, each time he was sent an email asking when the next 20% would arrive, he would send back an email saying that he only had a couple of hours left and he would complete the site within the next day or so.

This went on for 6 weeks. Which of course drove my friend nuts, who finally contacted me to get involved.

My gut reaction was that my friend was overdramatizing and that I would be able to resolve the issue. So I spoke to the developer and he assured me that there was only a few hours' work left and he would get it done in a few days.

So, I set up a bug tracker and I checked in the existing code to svn to make it a bit more trackable and easy to sign off the final 20% - after all there were only 5 small issues.

So, now what happened was, every few days I would send this guy an email saying "how's it going", and he said "I've finished everything. I'm going to commit it tonight."

This went on for two weeks.

At which point I realised that he was never actually going to do the work. So I had to apologize to my friend and find another trusted resource to finish it.

Then, after cutting this developer off by changing all the passwords etc, I decided to have a closer inspection of the code he'd written.

Well, let me just say that he had used a code generator to build many active record style classes that loaded rows from the db with insert/update etc... Not a problem right? But the code was so bad!

For example, there was zero use of a database abstraction layer, and each of these code generated classes had the full mysql declarations inside the objects.

He then tied up these classes with some verrrry questionable procedural logic.

NONE of the db queries anywhere were escaped. Even for form input. So not only could you easily perform SQL injections, but anyone who typed a ' into an HTML form would break the system.

What amazes me is, how could you write a code generation tool that generated such bad code? Surely during the course of his career he would have noticed that the most basic of bugs was present in all the SQL. Wouldn't you think, after years of using the same code generation tool to re-factor it?

I can tell he's been using the same tool for a while because it's using PHP4 style constructors rather than __construct.

Anyyyyway.

The question I have for you is... What can be done about con artist coders like this? Is there anything? Should there be some kind of "con artist coder" registry?

It doesn't seem right that this guy will be working for other clients, when he is clearly not going to have their best interests at heart.

All thoughts, much appreciated.