In my asp.net mvc program, the user will input the date in one field and the time in another field. The time will be in 24hr mode so the user can enter 00:00 - 23:59, and the date should be in the typical mm/dd/yyyy.
With all the different options available for validating the input, such as javascript/jquery/masked input on the client side or c# in the mvc controller, I am finding it difficult to figure out which way is best.
Does anyone have a suggestion or advice on this one?
Always, always server side. Client side validation is an optional nice to have.
Remember a clientside validation pass does not represent the actual data that could arrive server side with the use of simple sniffer/injection tools.
If you are using a database, you should use a parameterized query or stored procedure to ensure data validation. That will also help you with potential SQL Injection.
You should validate on both ends but it is critical to validate on the server regardless of what you do on the client. The client validation is just a "nice to have" and helps with user interaction and flow.
Use both! Client side and server validation are pretty easy to implement.
Client side validations make the user experience better. Nobody likes waiting for a completed postback to tell them something like "our server doesn't do dates like that you foreigner".
Server side validation protects your systems. No server wants an sql injection attack from a crafted request. Don't use this for the user experience though. This exists purely to protect your systems and provide support for users with javascript disabled (--and to be fair, who cares what their user experience is like).
There are some lovely client side libraries that make it ridiculously easy. My favourite is the jquery validation plugin but http://www.livevalidation.com/ is pretty good too.
I would suggest using a validation framework such as xVal for MVC 1 or the built-in support for DataAnnotations for MVC 2. This will generate server and client-side validation for you in a way which is always consistent.
Both with emphasis on the server side. Sometimes people will block javascript or a prior error will not let the validation script run.
On the server either do a DateTime.Parse or the better DateTime.TryParse.