Here are some of the most common mistakes I've seen doing so far while validating forms:
This mistake occurs when a user fills a form without providing all data in the correct format. Generally, valid data is inserted in the database, but the page shows some validation errors and the user must refill the form. What happens then? Simply put, the user get some messages such as "username already in use" because the validation script compares user data with what has already been inserted in the database. So the user must choose another username, another email and so on. Quite frustrating.
Avoid partial submission. Use sticky forms to keep valid data within form fields, but don't insert anything in the database until the user fills correctly all the fields.
Overuse of regular expressions
Using regular expressions is fine, but this kind of approach should be never overused. Certain data formats are really hard to keep within a regular expression pattern. For example, what is the correct pattern for a person name? In PHP, for instance, the overuse of regular expressions may lead to some performance issues, though in rare cases.
Use regular expressions only when necessary. If you can, use string manipulation or data types function instead.
Confusing error messages
Error messages should be descriptive, self-explanatory and informative. Otherwise, they only tend to confuse the user.
Use descriptive and meaningful error messages, such as Phone numbers can only contain digits.
Lack of information
Most websites don't provide information about how a form should be filled. For example, they say that a field with an asterisk is mandatory, but they don't say in which format it should be.
Provide as much information as you can about how a form should be filled in order to avoid typos and errors.