Dangers of AI coding tools
I have written hundreds of thousands of lines of code over my 15 years; writing some types of code has become tedious and, well, frankly, just boring. File uploads, CRUD, forms 🥱.
This is why I use AI: it can do the scaffolding for me so that I can focus on more interesting stuff.
I don't, however, just blindly copy and paste; I review all the generated code and optimize or tweak where needed.
A simple hack
Earn your stripes first. It may be tempting to just ask AI, but this is dangerous because you are relying on a tool that could give you wrong advice. With little to no experience, you probably won't pick up discrepancies.
Here's an AI-generated example:
    if ($request->hasFile('file')) {
        $file = $request->file('file');
        $fileName = Str::uuid() . '.' . $file->getClientOriginalExtension();
        // Store in public/storage/uploads/tinymce
        $path = $file->storeAs(
            config('tinymce.upload_path'),
            $fileName,
            'public'
        );
        return response()->json([
            'location' => Storage::url($path)
        ]);
    }
This is a basic example, but a good reference to drive home my point. Many things are wrong here, but the most important is that there's no MIME-type validation.
The code probably works just fine: it'll upload the file and return a success message. A junior dev might move on and assume everything is okay!
The problem comes in when a malicious user uploads a bad file that can be a virus or some kind of hack. Now you have compromised your whole app and your users too!
A better approach would be to use Laravel's validator and apply some validation rules:
    $request->validate([
        'file' => 'required|file|image|mimes:jpeg,png,jpg,gif|max:5120'
    ]);
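Putting the two snippets together, here is the upload handler with the validation applied. This is an added example, not code from the original post. The controller name and the ALLOWED map are assumptions, and it also stops using getClientOriginalExtension(), which only reflects the filename the client sent, in favour of an extension chosen from the MIME type detected on the server.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Storage;
use Illuminate\Support\Str;

// Hypothetical controller name; the route wiring is assumed.
class TinymceUploadController extends Controller
{
    // Server-detected MIME type => extension we are willing to write to disk.
    private const ALLOWED = [
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
        'image/gif'  => 'gif',
    ];

    public function store(Request $request): JsonResponse
    {
        // The page's validation rule: rejects non-images and anything over
        // 5 MB (throws a ValidationException, i.e. a 422 for JSON requests).
        $request->validate([
            'file' => 'required|file|image|mimes:jpeg,png,jpg,gif|max:5120',
        ]);

        $file = $request->file('file');

        // getMimeType() inspects the file contents; the client's filename
        // and extension are never used to build the stored name.
        $extension = self::ALLOWED[$file->getMimeType()] ?? null;
        if ($extension === null) {
            abort(422, 'Unsupported file type.');
        }

        $path = $file->storeAs(
            config('tinymce.upload_path'),
            Str::uuid() . '.' . $extension,
            'public'
        );

        return response()->json([
            'location' => Storage::disk('public')->url($path),
        ]);
    }
}
```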
Advice for junior developers
Should you use AI? Absolutely! Using AI to quickly look up information and even generate code where it makes sense is perfectly fine.
Never, ever just rely on AI to make architectural decisions for you, and don't blindly trust it either. Simply copying and pasting code without reviewing it first is just asking for trouble. Instead, deepen your understanding by reading, learning, and always striving towards mastery.
Understanding the logic behind the code you are writing is important because AI cannot think for itself or understand the full context in which that code will run. It's just a fancy algorithm that's predicting the next best sentence, paragraph, or body of code.
The best way to become good at anything is to just roll up your sleeves and put in the work: build projects on your own without AI first, and learn the fundamentals until they become second nature.
PS: If you are looking for more in-depth WebDev and AI-related content, please consider visiting and following me on my blog at kevincoder.co.za. I would really appreciate your support 🙏.