From Joomla! Documentation
Joomla has client-side and server-side form validation capabilities.
Server side validation is essential since everything before that can be overridden on the user side by hackers. However client-side is the most user-friendly validation, so using both is considered best practice.
It uses the HTML classes required' and validate-[xxx] (with [xxx] being a Joomla or custom rule; e.g. validate-numeric)
More here: Client-side form validation
...is done after having submitted the form and will normally return to the form when not validated with some extra messages.
It uses the HTML attributes required ("true" or "required") and validate (with the value being a Joomla or custom rule, e.g. validate="email")
More here: Server-side form validation