Keep on both.
The thing I see most today are systems where the rules are only in the application, since currently knowing the minimum database seems to be a big requirement.
What happens? In the best of scenarios, where only your application uses the database: some user goes there directly in the DBMS and erases some data. Since there are neither foreign_keys, ready: now the data is inconsistent. And I see this with a frightening frequency.
In the worst-case scenario, multiple applications will have access to the same database.
Then, at a minimum, also keep the fields that are required (defined as NOT NULL
) foreign keys in the database, and use constraints for values such as ENUM in MySQL (or Oracle CHECK) when possible
Validation (at least mandatory fields) and constraints (such as foreign_keys) on the seat are like seat belts: you will find that you never need them until an accident happens.