
Should input validation be client-side or server-side for Enterprise applications?

I know there may already be questions about validation on the client or the server, but this one is about Enterprise applications such as Sales and Clients systems.

Should input validation for things like numbers, strings, and dates be client-side? Or should it strongly be in both? Or server-side only?

The reason for asking is:

  1. I see some professional accountants who can change some of the input tags using the browser's Inspect tool. Some of them change the debit value of a transaction, which is limited by client-side validation.
  2. Some people who work as end users also try to change dates to a previous period using Inspect (doing something on the client)! That is not allowed, and all web-based systems do these validations on the client side.

For server-side validations, for example (checking whether a branch exists, checking whether a store exists), no problem happened in these scenarios because they are server-side already. I am not talking about these points (which relate to database things).

Again, sorry for asking a question like this, but opinions from people who work on Enterprise solutions will help me make a choice.

kokowawa asked May 30 '26 13:05


1 Answer

Always validate all user data on the server side. Like in ALWAYS and ALL.

Client side validation is only for UX.

Edit: added all.

P.S.: You can't trust the user.
P.P.S.: You cannot trust the user!!! It might not even be a user sitting at his desk in front of the screen. It might just be software that tries to breach your form. And by "it might" I really mean "it will"! There are thousands of crawlers out there that eventually will attack your system.

yunzen answered Jun 02 '26 03:06
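
An added example, not part of the original question or answer: a server-side check for the two cases the question describes (a debit limit and back-dated entries), re-validated from the raw request values regardless of what the browser enforced. The field names `debit` and `posting_date`, the `MAX_DEBIT` limit, and the open-period rule are assumptions made for illustration.

```python
from datetime import date
from decimal import Decimal, InvalidOperation

# Assumed business limit for illustration; a real system would load it per account/role.
MAX_DEBIT = Decimal("10000.00")


def validate_transaction(form, today, period_start):
    """Re-check every field on the server.

    `form` holds the raw strings exactly as they arrived in the request, so
    min/max/readonly attributes set in the HTML are never assumed to have held.
    Returns (clean, errors); the caller persists `clean` only if `errors` is empty.
    """
    clean, errors = {}, {}

    # Debit: must parse as a finite decimal, be positive, have at most
    # two decimal places, and stay within the server-side limit.
    try:
        debit = Decimal(str(form.get("debit", "")).strip())
        if not debit.is_finite():
            errors["debit"] = "not a number"
        elif debit <= 0:
            errors["debit"] = "must be positive"
        elif debit.as_tuple().exponent < -2:
            errors["debit"] = "at most two decimal places"
        elif debit > MAX_DEBIT:
            errors["debit"] = "exceeds limit"
        else:
            clean["debit"] = debit
    except InvalidOperation:
        errors["debit"] = "not a number"

    # Posting date: must parse, and must fall inside the open period.
    # `today` comes from the server clock, never from the request.
    try:
        posted = date.fromisoformat(str(form.get("posting_date", "")).strip())
        if posted < period_start:
            errors["posting_date"] = "before the open period"
        elif posted > today:
            errors["posting_date"] = "in the future"
        else:
            clean["posting_date"] = posted
    except ValueError:
        errors["posting_date"] = "not a valid date"

    return clean, errors
```

Logging each rejected request with the authenticated user id gives an audit trail of tampering attempts such as the ones described in the question.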


