Validating hard-coded vs user data

I'm building validations in a model which contains user input as well as hard-coded and program-generated values. Is the purpose of validation to protect the db from bad user data, or possible programmer errors (typos, etc.) as well? How paranoid should I be in my validations?


Validate things that your application is going to rely on, regardless of whether the values are from user input or set programmatically. That usually includes validating presence_of key data fields and associations. Stick to the important stuff and don't waste your time crafting complicated validations that are just going to frustrate you and your users.

It's easy to blow half a day creating a phone number regex validation that's a work of art. But that falls apart when a user wants to enter "123-456-7890 (don't call after 5 pm)".
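
The trade-off described in the answer above, as an added example that is not part of the original answer: a plain-Ruby stand-in for model validations (no Rails required) that checks the fields the application relies on, whether user-supplied or program-set, and compares a strict phone regex with a lenient rule. The order hash, its field names, the status list, the 7-digit floor and the 100-character cap are all assumptions made for illustration.

```ruby
# Added example; field names, statuses and limits are hypothetical.
STATUSES      = %w[pending paid shipped].freeze  # values set by the program
STRICT_PHONE  = /\A\d{3}-\d{3}-\d{4}\z/          # accepts exactly one shape
MAX_PHONE_LEN = 100                              # bound free text before storing it
MIN_DIGITS    = 7

def blank?(value)
  value.nil? || value.to_s.strip.empty?
end

# Returns a hash of field => error message; an empty hash means valid.
def validate_order(order, phone_rule: :lenient)
  errors = {}

  # Key data the application relies on: must be present whatever its source.
  errors[:customer] = "must be present" if blank?(order[:customer])

  # Program-generated value: still validated, which catches programmer typos.
  errors[:status] = "is not a known status" unless STATUSES.include?(order[:status])

  # Optional user-entered field.
  phone = order[:phone].to_s
  unless phone.empty?
    if phone_rule == :strict
      errors[:phone] = "has invalid format" unless phone.match?(STRICT_PHONE)
    else
      # Lenient rule: bounded length and enough digits to be dialable.
      errors[:phone] = "is too long" if phone.length > MAX_PHONE_LEN
      errors[:phone] ||= "needs at least #{MIN_DIGITS} digits" if phone.count("0-9") < MIN_DIGITS
    end
  end

  errors
end

# Constructed sample inputs.
USER_ORDER = { customer: "Ada", status: "pending",
               phone: "123-456-7890 (don't call after 5 pm)" }.freeze
TYPO_ORDER = { customer: "Ada", status: "pendng", phone: nil }.freeze  # status typo in code

if __FILE__ == $PROGRAM_NAME
  p validate_order(USER_ORDER)                      # lenient rule
  p validate_order(USER_ORDER, phone_rule: :strict) # strict regex
  p validate_order(TYPO_ORDER)                      # programmer error
end
```
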