First of all, never trust any data from the client-side to be valid. You can't even assume that the data came from your website's form or that the user is using a browser to interact with your site. Thus, you should always do validation on the server-side even if you have some basic validation on the client side (like checking for length).
According to this article PHP is no exception:
You need to make sure you write your regexes carefully. This article also mentions "Regex Fuzzer" which is a method of finding problematic regexes. The link at the top of the article has more information about that.
Edit: Microsoft has built a program to test for vulnerable regexes. It's available from here: http://www.microsoft.com/en-us/download/details.aspx?id=20095 I haven't tried it myself, but that might help you find any issues with your regex.