validation on client side makes it looks "nice", so thats of course to be implemented.
However client-side means it can be easily turned off or just passed by.
so thats where server side comes in.
Basically you should validate always where there is a risk data has been manipulated.
Basic rule to follow is: "Never trust user input".