Skip to main content

AI Prompt Engineering For Developers

The quality of AI-generated code is directly proportional to the quality of your prompts. Learning to write effective prompts is one of the most valuable skills in AI-assisted development.

Bad Prompts vs Good Prompts

Bad Prompt

make me a login system

This prompt is too vague. The AI will make assumptions about:

  • Language and framework
  • Security requirements
  • Database structure
  • Authentication method
  • Session handling
  • Error handling

The result will be generic, likely insecure, and probably won't fit your project.

Good Prompt

Create a Laravel 11 login system with the following requirements:

Framework: Laravel 11 with Sanctum
Database: PostgreSQL
Authentication: Email/password with bcrypt hashing
Security:
- Rate limiting: 5 attempts per minute per IP
- CSRF protection enabled
- Password: min 8 chars, 1 number, 1 special char
- Session expires after 24 hours
- Log all auth attempts

Structure:
- AuthController handling HTTP requests
- AuthService for business logic
- UserRepository for database access
- RateLimiter service

Please include:
- Input validation
- Error handling
- Proper HTTP status codes
- JSON responses for API endpoints

Key Principles

1. Be Specific

Bad: "add validation to this form" Good: "Add Laravel validation rules: email is required and must be valid email format, password is required and must be at least 8 characters with at least one number"

2. Define Constraints

Always specify:

  • Security requirements — authentication method, encryption, rate limiting
  • Performance requirements — response time limits, caching strategy
  • Compatibility requirements — browser support, API versions
  • Code style — naming conventions, file organization

3. Provide Context

The AI needs to understand how the code fits into your project:

Context:
- This is a Next.js 14 app with App Router
- We use Prisma ORM with PostgreSQL
- Authentication is handled by NextAuth.js
- The UI uses shadcn/ui components
- We follow the repository pattern for data access

4. Specify Output Format

Tell the AI exactly what you want:

Please provide:
1. The complete component code
2. TypeScript types/interfaces
3. Error handling for all edge cases
4. Unit tests using Vitest
5. Brief documentation on usage

5. Iterate and Refine

Don't expect perfect results on the first try. Use follow-up prompts to refine:

That's close, but:
1. Add input sanitization for XSS prevention
2. Use parameterized queries instead of string interpolation
3. Add logging for failed attempts
4. Return proper HTTP status codes (201 for creation, 422 for validation errors)

Prompt Templates

Feature Implementation

Implement [feature] for [framework] with:

Functional Requirements:
- [requirement 1]
- [requirement 2]

Technical Requirements:
- Database: [type]
- Authentication: [method]
- Caching: [strategy]

Security Requirements:
- [security requirement 1]
- [security requirement 2]

Architecture:
- [component 1]: [responsibility]
- [component 2]: [responsibility]

Please include:
- TypeScript types
- Error handling
- Input validation
- Unit tests

Code Review

Review this code for:
1. Security vulnerabilities (OWASP Top 10)
2. Performance issues
3. Error handling gaps
4. Type safety
5. Best practices for [framework]

[code]

Refactoring

Refactor this code to:
1. Improve readability
2. Add proper error handling
3. Follow SOLID principles
4. Add TypeScript types
5. Improve testability

Current code:
[code]

Common Mistakes

MistakeWhy It's BadBetter Approach
Vague requirementsAI makes incorrect assumptionsBe explicit about everything
No security contextGenerated code may be insecureAlways specify security requirements
Missing error handlingCode fails silentlyRequire comprehensive error handling
No testing requirementsUntestable codeAsk for tests alongside implementation
Single-shot expectationRarely perfect on first tryPlan to iterate and refine

Advanced Techniques

Chain-of-Thought Prompting

Ask the AI to reason through the problem first:

Before writing code, outline your approach:
1. What components are needed?
2. What are the data flow and states?
3. What edge cases should be handled?
4. What security considerations apply?

Then implement based on your outline.

Constraint Injection

Embed requirements directly in the prompt:

IMPORTANT CONSTRAINTS:
- All database queries MUST use parameterized statements
- All user input MUST be validated and sanitized
- All API endpoints MUST have rate limiting
- All errors MUST be logged with context
- All secrets MUST use environment variables

Example-Driven Prompting

Provide examples of the style and quality you want:

Here's an example of the code style I want:

[example of well-written code in your project]

Now implement [feature] following the same patterns.

The Bottom Line

The quality of your AI-generated code is limited by the quality of your prompts. Invest time in writing good prompts, and you'll get better results every time.

Last updated on