Hi I have 2 qns....

I'm writing the api for db read/write and im confused abt a couple of things..

1. Where should validation of input occur?

I'm writing functions to check every single incoming field: userid, date, password, etc. I was thinking if i check user input the moment he calls a "write to db" function, would i then need to do more validation on the html form itself? if i do so, wouldnt i be checking twice, which is wasting proc. time?


2. Currently, apart from field specific data validation of format(which im using REGEX for), I'm also validating for correct length and correct type (strlen()/is_string()/is_int()), along with the whole ADDSLASHES, urlencode shebang.
Am I putting in too much validation? I fear by the time I'm done, it will take a user 10 seconds to add some data, coz of all these checks..


would appreciate help!
thanks!