Kevin Naidoo
Dangers of AI coding tools

I have written hundreds of thousands of lines of code over my 15 years; writing some types of code has become tedious and, well, frankly just boring. File uploads, CRUD, forms 🥱.

This is why I use AI: it can do the scaffolding for me so that I can focus on more interesting stuff.

I don't, however, just blindly copy and paste; I review all the generated code and optimize or tweak it where needed.

A simple hack

Earn your stripes first. It may be tempting to just ask AI, but this is dangerous because you are relying on a tool that could give you wrong advice. With little to no experience, you probably won't pick up on the discrepancies.

Here's an AI-generated example:

    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Storage;
    use Illuminate\Support\Str;

    // The generated snippet as it appeared, wrapped in a controller action for context.
    // Note: there is no validation at all before the file is written to disk.
    public function upload(Request $request)
    {
        if ($request->hasFile('file')) {
            $file = $request->file('file');

            // The extension is taken straight from the client-supplied file name
            $fileName = Str::uuid() . '.' . $file->getClientOriginalExtension();

            // Store in public/storage/uploads/tinymce
            $path = $file->storeAs(
                config('tinymce.upload_path'),
                $fileName,
                'public'
            );

            return response()->json([
                'location' => Storage::url($path)
            ]);
        }
    }

This is a basic example, but a good reference to drive home my point. Many things are wrong here, but the most important is that there's no MIME-type validation.

The code probably works just fine: it'll upload the file and return a success message. A junior dev might move on and assume everything is okay!

The problem comes in when a malicious user uploads a bad file, which could be a virus or some other kind of attack; now you have compromised your whole app and your users too!

A better approach would be to use Laravel's validator and apply some validation rules:

    $request->validate([
        'file' => 'required|file|image|mimes:jpeg,png,jpg,gif|max:5120'
    ]);
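To show how the two pieces fit together, here is the same upload action with the validation applied before anything touches disk. This is an added example, not code from the post or from any project; the controller and method names are assumptions, while the `tinymce.upload_path` config key and the validation rule string come from the post.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Storage;
use Illuminate\Support\Str;

// Hypothetical controller name, chosen for this example.
class TinymceUploadController extends Controller
{
    public function store(Request $request): JsonResponse
    {
        // Validate first. 'image' and 'mimes' are checked against the file's
        // content (Laravel guesses the type from the bytes, not from the name
        // the browser sent) and 'max' is in kilobytes. On failure Laravel
        // returns a 422 response and this method never reaches storeAs().
        $validated = $request->validate([
            'file' => 'required|file|image|mimes:jpeg,png,jpg,gif|max:5120',
        ]);

        $file = $validated['file'];

        // Derive the extension from the detected content type instead of
        // getClientOriginalExtension(), so the client-supplied file name has
        // no say in what gets written to disk.
        $fileName = Str::uuid() . '.' . $file->extension();

        // Server-generated name, configured path, public disk.
        $path = $file->storeAs(config('tinymce.upload_path'), $fileName, 'public');

        return response()->json(['location' => Storage::url($path)]);
    }
}
```

Both `extension()` and the `mimes` rule rely on content sniffing, so a file that is only renamed to look like an image is rejected or stored under the extension that matches what it actually is.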

Advice for junior developers

Should you use AI? Absolutely! Use AI to quickly look up information and even generate code where it makes sense; this is perfectly fine.

Don't rely solely on AI to write code, or blindly trust it either. Expand your knowledge by reading books from reputable authors, following podcasts from top developers, reading blogs, and practicing, practicing on your own first. Understand the logic behind the code you're writing or getting AI to write.

Top comments (2)

david duymelinck

I agree, never add generated code as is.

Before AI we had tutorials where people didn't add good practices, because they wanted to show something working. And beginners just copy-pasted the code.

I think with AI that problem could get bigger, especially when AI generates larger and larger chunks of code. I think even for seasoned developers it is going to be harder to do code checking.
You could use different AI solutions for code generation and code review, and then spot check the code. Solutions like Devin are the same as one person that is in charge of writing the code and reviewing it. We know that causes blind spots.

Kevin Naidoo

Thanks for reading; yeah, this is so true! I guess we have to be more vigilant in PRs to ensure this junk code doesn't creep in. Also, static analyzers and other related code scanners will become more important than ever.