I want to validate user input on a Web Form, like valid numbers, date etc. Which one is the better way to validate, using Javascript functions or using Constraints in SQL Server?
I want to reduce the code as much as possible and want to use most of the power of SQL Server itself.
You must do both. Client-side validation to prevent all but sensible input, and server side (including in code prior to hitting the database), to prevent more malicious attempts at doing things.
So, in ASP.NET, at the very least, use the built-in validator controls, which emit JavaScript if you want them to. Then, in server-side events that occur when, say, a submit button is clicked, check Page.IsValid to ensure the JavaScript was not bypassed. Next, ensure you are using parameterized queries to prevent SQL injection. And, lastly, always use constraints to ensure data correctness if all else fails.
I would suggest both on the client side and on the server side, as potentially someone could have Javascript disabled and still be able to submit invalid content.
I would suggest either writing constraints on your server side (in your actions) and then in your client side JS; alternatively you could look into ASP.Net MVC which allows you to write the validation in your model class (.cs) and then via an AJAX form the client side validations will be performed automatically.
Both because :
1) if you allow the web form to pass invalid input, you are wasting bandwidth. Plus you have to prepare another page which says "oh you input something wrong please try again haha"
2) if you allow the DB to accept invalid input, its outright wrong because you risk corrupting the data (e.g. when javascript validation fails or missed something)
Really this depends on what you are looking for. If you want something that is quick and very load load then using Javascript is the best way to go since there is no round trip to the server and wait times for the client. Downside is that Javascript can be disabled. This means you also have to have validation in your ASP. I wouldn't go with using constraints in the DB other than what is required for a relational database because that just makes your site break.
The general rule when submitting data via web forms is that you must validate on the server side, and you may also validate client side.
If by "SQL vs. JavaScript" you mean server vs. client, the SQL is imperative; the JavaScript is optional but in modern apps you validate to avoid roundtrips to the server. Note that you may perform server side validation outside the database but in many cases, as in your words, "leverag[ing] the power of SQL Server" is appropriate.
I guess that it depends on whether or not you will be writing into the database from a different application. I am a big proponent of enforcing data restrictions at the database level, as well as the client application level, because you never know when you are going to need to write a random script to batch import data from a different source etc.
