For instance, if I want to check is the input has only alphanumeric characters and is more than 10 characters long. Should I just check it server-side? Or server-side and in the database (query) itself? Or just go for the gusto and check it client-side, server-side, and db-side?
Just trying to find the right balance of checking.
There should never be a need to do it both server-side and in the database. Whether or not you check it on the client-side depends on your environment and how the application functions. In a web application, if you have lots of client-side script running to do various other things, then client-side validation is ideal, if not necessary. The important part is that you need to do all validation server-side, even if you do some of it client-side, because it is fairly easy to get around client-side validation if you want to.
Even if you aren't doing lots of client-side wackiness, client-side validation is very beneficial because it reduces requests to the server, which can greatly help performance (both perceived and actual).
Doing validation in the database is the wrong place to do it because validation is typically driven by business rules, and your data layer should not be the owner of business rules.