the idea is to validate all input only once, when it's transformed from raw user-input data into structs/objects/etc used by your program. after that, assume it's valid.
Yeah I've seen a lot of people misunderstand defensive programming and validate the input to every method. Defensive programming style can create disastrously verbose code, particular in OO languages with people who don't really get OO design.