Data validation in software

Question

Should the data validation be in the application/business layer or should it part of the data access layer-acting as a gateway to what goes into the data store?

Answer 1

It depends:

• Always validate and/or sanitize user-input.
• Validation in the data access layers facilitates multiple applications without redundant validation code.
• In client/server communications, client-side pre-validation can save a round-trip (when the data is invalid).