I should also add that I'm asking with the mysql extension in mind. I know that mysqli or PDO should be used. If I'm using jQuery Validation to validate client side (such as an email perhaps), should I also do it server side (make sure it's not blank and is a valid email)?
I'm just wondering if I'm opening myself up to Cross-site scripting vulnerabilities or SQL injections or anything else for that matter by simply not validating server side or will I be okay as long as I'm taking security measures when form data is being submitted.
YES YES always YES. Never trust anything that comes from the browser.
In the most benign case, what if they had Javascript disabled?
For a more devious case, what if they were manually posting the data with something like curl?
As already stated by others: Server-side validation is a must and cannot be left out in any circumstance, client-side validation doesn't do much more than preventing the user from entering incorrect data. Regarding security, client-side validation does absolutely nothing because it can always be turned off or circumvented otherwise by an attacker.
If you want to validate to shield yourself against attacks like SQL injection and XSS I would recommend you read these sites:
- XSS Prevention Cheat Sheet (OWASP)
- SQL injection Prevention Cheat Sheet (OWASP)
And more generally on PHP security problems:
- PHP Security Cheat Sheet (OWASP)
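The server-side checks the answers above insist on, shown as an added PHP example (not code from the question or either answer): the email field is validated with `filter_var`, the insert goes through a PDO prepared statement so form data never becomes part of the SQL text, and values are escaped with `htmlspecialchars` when rendered. The submissions array, the `signups` table and the use of an in-memory SQLite database are constructed for the example so it runs stand-alone; in a real handler the input would come from `$_POST`.

```php
<?php
// Added example, not part of the original question or answers.
// Server-side validation, parameterised storage and output escaping for a
// simple signup form. Uses an in-memory SQLite database through PDO so it
// can run without a MySQL server (assumption made for the example).

declare(strict_types=1);

/**
 * Validate the raw submitted fields on the server, regardless of what
 * jQuery Validation did (or did not do) in the browser.
 * Returns a list of error messages; an empty list means the data is acceptable.
 */
function validateSignup(array $post): array
{
    $errors = [];

    $email = trim((string)($post['email'] ?? ''));
    if ($email === '') {
        $errors[] = 'Email must not be blank.';
    } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email is not a valid address.';
    }

    $name = trim((string)($post['name'] ?? ''));
    if ($name === '' || strlen($name) > 100) {   // byte length; good enough as an upper bound
        $errors[] = 'Name must be between 1 and 100 characters.';
    }

    return $errors;
}

/** Store the record with a prepared statement: user data is bound, never concatenated into SQL. */
function saveSignup(PDO $db, string $name, string $email): void
{
    $stmt = $db->prepare('INSERT INTO signups (name, email) VALUES (:name, :email)');
    $stmt->execute([':name' => $name, ':email' => $email]);
}

/** Escape a value for HTML output so stored data cannot inject markup or script into the page. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// --- Demonstration with constructed input (a real handler would read $_POST) ---
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE signups (id INTEGER PRIMARY KEY, name TEXT NOT NULL, email TEXT NOT NULL)');

$submissions = [
    ['name' => 'Alice',            'email' => 'alice@example.com'], // valid
    ['name' => '',                 'email' => 'not-an-email'],      // fails both checks
    ['name' => "O'Brien <b>x</b>", 'email' => 'ob@example.com'],    // valid, but must be escaped on output
];

foreach ($submissions as $post) {
    $errors = validateSignup($post);
    if ($errors !== []) {
        echo 'Rejected: ' . implode(' ', $errors) . "\n";
        continue;
    }
    saveSignup($db, trim($post['name']), trim($post['email']));
}

foreach ($db->query('SELECT name, email FROM signups') as $row) {
    // Escaping is applied at render time, not at storage time, so the
    // database keeps the original value and every output context escapes for itself.
    echo '<li>' . h($row['name']) . ' &lt;' . h($row['email']) . '&gt;</li>' . "\n";
}
```

The point of the three functions is that each concern is handled where it belongs: `validateSignup` decides whether the request is acceptable at all, the prepared statement in `saveSignup` removes the possibility of SQL injection whatever the value contains, and `h` is what prevents stored input such as the third submission from turning into markup when it is displayed. Client-side validation can be kept for usability, but none of these three steps can be skipped on the server.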