What is the common practice of input validation? In other words do you check for input validation on client-side, on server-side or on both sides?
Also, if performance is crucial to me, would just the client-side input validation be sufficient for my website without presenting any security risks?
Always perform at least server side validation. If you want to improve users experience, client side validation could be nice. It also allows you to avoid unnecessary requests to the server.
Only client side validation is not sufficient and can be easily bypassed by disabling javascript for example.
I would recommend you to always start by adding server side validation and once you've tested it, you could enable client side validation.