Validating hard-coded vs user data

I'm building validations in a model which contains user input as well as
hard-coded and program-generated values. Is the purpose of validation
to protect the db from bad user data, or possible programmer errors
(typos, etc) as well? How paranoid should I be in my validations?


Validate things that your application is going to rely on, regardless
if the values are from user input or set programatically. That
usually includes the validating presence_of key data fields and
associations. Stick to the important stuff and don't waste your time
crafting complicated validations that are just going to frustrate you
and your users.

It's easy to blow half a day creating a phone number regex validation
that's a work of art. But that falls apart when a user wants to enter
"123-456-7890 (don't call after 5 pm)".