Do it in both.
DB to make sure all non app accesses don't fuck it up, App so you can give the user real error messages.
Rather than:
"Insert Transaction Failed"
An app can say:
"Insert failed. Found duplicate record (same full name at address). Contact Betty in accounting to see if they owe us money before taking the order"