Be sure to perform validation on the server. If there is a bug in your application (or malicious attacks) and entering inconsistent data in the database, it will be very difficult to fix.
I recommend that you validate in at least 2 places:
- Database, using constraints , foreign keys and unique indexes li>
- Application (Rails model layer)
Placing validation in JavaScript is more convenient for the user (he does not need to submit the form to see that some field is incorrect), this is at your discretion. But what will guarantee safety are the two approaches above.
I always suggest putting safety and reliability above performance. What's more, I do not think the performance difference is significant in this case.
See these two related questions:
Tip :
You can use gem foreigner to have integration of foreign keys with the Rails database versioning ).
Remember that there are methods that do not trigger Rails validations:
- decrement!
- decrement_counter
- increment!
- increment_counter
- toggle!
- touch
- update_all
- update_attribute
- update_column
- update_columns
- update_counters
You can also explicitly skip validation this way:
- save(validate: false)
Source: Rails Official Validation Guide