Backend Development Prompts: Python, Node.js, PHP

Backend code crosses many languages and frameworks, but the prompt skeleton is remarkably consistent. Get the runtime, the framework, the error model, and the persistence layer right — the rest is mostly typing.

1. Introduction

Whether you live in FastAPI, Express, Laravel, or Django, the patterns the AI needs to know are roughly the same: how do you handle errors, how do you talk to your database, how do you authenticate, what's your logging style? In this tutorial we walk through a single backend task — a "create user" endpoint — and show how to prompt for it in Python, Node.js, and PHP. The underlying prompt shape barely changes; only the stack-specific lines move.

2. The Concept Explained

A backend prompt has five recurring slots:

Runtime & framework — Python 3.11 + FastAPI 0.110, Node 20 + Express 4, PHP 8.2 + Laravel 11. Versions matter.
Persistence — which database, which ORM/query builder, transactional behaviour.
Error model — how errors are surfaced (exceptions vs result types, custom error classes, HTTP shape).
Cross-cutting concerns — auth, logging, observability, validation library.
The task itself — the function, route, or service you are generating.

Imagine onboarding a contractor: you would tell them the runtime, the database, how the team handles errors, and which logger is wired up — before describing the actual ticket. Skip those four and the contractor builds something that needs rewiring on review. The same is true for AI.

The "stack header" pattern

The most efficient practice is to write a reusable stack header once and paste it at the top of every backend prompt session. The header changes per project, not per task — so you save it next to your prompt library. Then every individual prompt becomes short, because the framework context is already established.

3. The Problem Without This Technique

Without a stack header, every backend prompt becomes a coin flip on which framework, ORM, and error pattern the AI picks. Output looks plausible but does not fit your project.

Weak prompt

create a user signup endpoint that hashes the password
and saves to the database

The AI will pick a random combination — perhaps Flask with SQLAlchemy and Werkzeug, or Express with Mongoose and bcrypt — none of which might match your real stack. You then spend more time porting than you would have writing it.

4. The Solution

Strong prompt — Python / FastAPI

Runtime: Python 3.11, FastAPI 0.110, SQLAlchemy 2 (async), asyncpg driver.
Validation: Pydantic v2 BaseModel.
Errors: raise HTTPException(status_code=..., detail={ "code": ..., "message": ... }).
Logging: structlog (already configured as `log`).

Build POST /users.

Request (Pydantic model SignupRequest):
  email: EmailStr
  password: constr(min_length=8, max_length=128)
  display_name: constr(min_length=1, max_length=80)

Behaviour:
- Check if email already exists. If yes → 409 with code 'EMAIL_TAKEN'.
- Hash password with bcrypt (cost factor 12). Use the existing
  `hash_password(plain: str) -> str` helper from `auth.security`.
- Insert into `users` table (columns: id uuid default gen_random_uuid(),
  email, password_hash, display_name, created_at default now()).
- Return 201 with the public user object: { id, email, display_name, created_at }.
  Never return the password_hash.

Output: only the route function and the SignupRequest model. No router setup.

Strong prompt — Node.js / Express

Runtime: Node.js 20 ESM, Express 4, TypeScript strict mode.
ORM: Prisma 5 (client exported from `../lib/prisma.ts` as `prisma`).
Validation: zod 3.
Errors: respond with { error: { code: string, message: string } }.
Auth: public route, no middleware.
Logging: pino (imported as `log` from `../lib/log.ts`).

Build POST /users.

Body schema (zod): email (email, lowercased), password (8..128 chars),
displayName (1..80 chars).

Behaviour:
- Look up existing user by email. If found → 409 with code 'EMAIL_TAKEN'.
- Hash password with argon2 (default options) via existing
  `hashPassword(plain): Promise<string>` helper from `../lib/security.ts`.
- Create user via prisma.user.create.
- Return 201 with public fields only: { id, email, displayName, createdAt }.

Output: the handler function only. No router wiring.

Strong prompt — PHP / Laravel

Runtime: PHP 8.2, Laravel 11.
Validation: Laravel FormRequest.
Errors: throw `App\Exceptions\ApiException(string $code, string $message, int $status)`
  which the global handler converts to JSON { error: { code, message } }.
Persistence: Eloquent User model (mass-assignment guarded; only email,
password, display_name fillable).
Logging: Log facade.

Build POST /users (controller method `UsersController@store`).

FormRequest rules:
- email: required, email, lowercase, max:255, unique:users,email
- password: required, string, between:8,128
- display_name: required, string, between:1,80

Behaviour:
- If validation already fails on unique → return 409 ApiException
  code 'EMAIL_TAKEN'. Otherwise normal 422 for validation errors.
- Hash password with bcrypt via Hash::make().
- Create the user. Return 201 with: { id, email, display_name, created_at }.

Output: just the controller method and the FormRequest class. No routes file.

Notice that the five slots — runtime, persistence, error model, cross-cutting concerns, task — appear in every example. The vocabulary changes; the structure does not. That is what makes the prompt skeleton transferable across stacks.

5. Step-by-Step Breakdown

Write a reusable stack header. Runtime, framework, ORM, validation, error format, logger. One paragraph at the top of the chat.
Reference existing helpers by name. If your project already has hashPassword or requireUser, name them so the AI doesn't reinvent them.
Specify validation rules in the prompt, not in prose. Use the actual library syntax. Pydantic, zod, Laravel rules — the AI will mirror precisely what you write.
Map every business outcome to an HTTP response. Success, validation failure, conflict, server error. No outcome should fall through to a default 500.
Be explicit about what to return. Public fields only — never password hashes, internal IDs, or anything the API contract doesn't promise.
Limit the output surface. "Only the controller, no routes file" prevents the AI from generating an entire scaffold when you wanted one method.

Tip: Once a stack header works well, save it as a snippet (TextExpander, an IDE snippet, a saved prompt). Reusing it across the team is the cheapest way to make AI-generated backend code look uniform.

6. Practice Exercises

Exercise 1

Write a stack header for your current backend project — runtime, framework, ORM, validation library, error shape, logger. Use it for your next three backend prompts and notice how much less you have to repeat.

Exercise 2

Pick a small backend feature you have built recently. Reconstruct it from scratch using only AI prompts, one endpoint at a time, each starting with your stack header. Time yourself. The first time is the slowest; the third time will be 3–5x faster than writing it by hand.

Exercise 3

Generate the same endpoint in two languages your team uses (e.g. Python and Node.js). Compare how the error handling differs idiomatically in each. Notice that the prompt difference is small but the output difference is large — that is the power of the stack header.

7. Key Takeaways

The same five-slot prompt skeleton works across Python, Node.js, and PHP — only the stack-specific lines change.
Always write a reusable stack header. It is the single biggest productivity unlock in backend AI work.
Map every business outcome to a specific HTTP response with a stable error code.
Reference existing helpers by name so the AI doesn't reinvent your auth, hashing, or logging utilities.
Explicitly state what to return — public fields only, never internal state.

Discussion

Frontend Development Prompts: HTML, CSS & JavaScript Prompt Patterns for Data Structures & Algorithm Problems