What are the potential pitfalls of relying solely on client-side validation for form inputs in PHP, especially when dealing with sensitive data like email addresses?

Relying solely on client-side validation for form inputs in PHP can be risky because client-side validation can be easily bypassed by users who disable JavaScript or manipulate the form data before submission. This can lead to security vulnerabilities, especially when dealing with sensitive data like email addresses. To mitigate this risk, it is important to also perform server-side validation in PHP to ensure that the data is sanitized and validated before processing it.

<?php
$email = $_POST['email'];

if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo "Invalid email address";
    // handle error or redirect back to form
} else {
    // process the email address securely
}
?>