Should the data validation be in the application/business layer or should it part of the data access layer-acting as a gateway to what goes into the data store?
Solution
It depends:
Always validate and/or sanitize user-input.
Validation in the data access layers facilitates multiple applications without redundant validation code.
In client/server communications, client-side pre-validation can save a round-trip (when the data is invalid).