I started working on PHP recently, and while I'm aware of some types of web vulnerabilities related to SSI and PHP-SQL code, I'm wondering what types of risks there are associated with PHP-only code.

I've written in standard filters for POST/GET variables, but if I'm not dealing with any SQL code, and since I'm only using PHP for page navigation and a mail() function for a contact form, how necessary are these filters?
I can understand filtering page names or using some kind of obfuscation (e.g. integer input that points to a named file) for page navigation so as to control which files the server reads and displays.

Any other concerns I should have?
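
The page-navigation idea mentioned in the question (integer input that points to a named file), as an added example that is not part of the original post. The `pages` directory, the file names, the `page` query parameter and the `resolve_page` helper are all assumptions, and the code needs PHP 8.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: the only files the navigation may ever include.
const PAGES_DIR = __DIR__ . '/pages';
const PAGES = [
    1 => 'home.php',
    2 => 'about.php',
    3 => 'contact.php',
];

/**
 * Resolve a raw request value to an absolute file path, or null if rejected.
 * The request value is never used as (part of) a file name.
 */
function resolve_page(mixed $raw): ?string
{
    // Accept only a plain decimal integer >= 1.
    // Arrays (?page[]=1), "1abc", "../x" and "" all yield false here.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || !array_key_exists($id, PAGES)) {
        return null;
    }

    // Defence in depth: the mapped file must exist and must resolve
    // (after symlinks) to a location inside PAGES_DIR.
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . PAGES[$id]);
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

// Default to page 1 when the parameter is absent.
$page = resolve_page($_GET['page'] ?? 1);
if ($page === null) {
    http_response_code(404);
    exit('Page not found');
}
require $page;
```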

