This is about a classifieds website…
I use PHP and MySql to insert records into a db.
I have a HTML form, and users must fill in this form to proceed.
Below are the form inputs and the validation made on each input (javascript):
Name (Only letters allowed)
Tel (Only numbers allowed)
Email (Special email-regexp match)
Headline (No special characters allowed, all else is fine. By special characters I mean !(#)<> etc. Max length 35 chars.)
Text (Same as headline, just no limit on length)
Price (Only numbers allowed)
I do mysql_real_escape_string() on the Headline and Text, but nothing else.
My question is simply, is this enough?
I have no other security measures whatsoever.
UPDATE
// Name: letters (incl. Swedish åäö), whitespace and hyphens only
var alphaExp = /^[a-zA-ZåäöÅÄÖ\s\-]+$/;
// Tel: up to 20 digits, spaces or dashes (the leading lookahead is a no-op and could be dropped)
var numExp = /^(?=(?:\D*\d){0})[\d -]{0,20}$/;
// Price: digits only
var num_only = /^[0-9]+$/;
// Email: local part, "@", domain, 2-4 character TLD (was [a-zA-z0-9], which also let through [ \ ] ^ _ `)
var emailExp = /^[\w\-\.\+]+\@[a-zA-Z0-9\.\-]+\.[a-zA-Z0-9]{2,4}$/;
// Text: at least three word-ish characters; the "g" flag was dropped because a global regex keeps lastIndex between test() calls and gives alternating results
var textExp = /^\s*([\wåäö\-\*][^\w]*){3}.*$/mi;
// Headline: the allowed character set; the 35-char limit is not enforced here
var headlineExp = /^[\s\da-zA-ZåäöÅÄÖ&()+%\/*$€é:,.'"-]*$/;
All security measures that are implemented in Javascript can be circumvented by the user, for example by turning it off, by removing listeners or messing around with the code. Don’t rely on the client there!
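A server-side counterpart to the client-side rules, added here as an example (it is not the questioner's or answerer's code): the same constraints are re-checked in PHP and the insert uses a prepared statement instead of per-field escaping. It assumes an existing PDO connection and a table named `ads` with matching columns; both are assumptions.

```php
<?php
// Added example: server-side validation plus a prepared statement, so the
// checks still hold when the browser-side JavaScript is bypassed.
// Assumed (not from the question): a PDO connection and a table `ads`.
// PCRE versions of the client-side rules. u: UTF-8 so å/ä/ö/€ work;
// D: "$" matches only at the very end, not before a trailing newline.
const RULES = [
    'name'     => '/^[a-zA-ZåäöÅÄÖ\s\-]+$/uD',
    'tel'      => '/^[0-9]+$/D',
    'email'    => '/^[\w\-\.\+]+@[a-zA-Z0-9\.\-]+\.[a-zA-Z0-9]{2,4}$/D',
    'headline' => '/^[\s\da-zA-ZåäöÅÄÖ&()+%\/*$€é:,.\'"-]{1,35}$/uD',
    'text'     => '/^[\s\da-zA-ZåäöÅÄÖ&()+%\/*$€é:,.\'"-]+$/uD',
    'price'    => '/^[0-9]+$/D',
];
// Returns field => error for every field that fails; an empty array means
// the input is valid. Run this on $_POST before touching the database.
function validateAd(array $input): array
{
    $errors = [];
    foreach (RULES as $field => $pattern) {
        $value = $input[$field] ?? '';
        if (!is_string($value) || preg_match($pattern, $value) !== 1) {
            $errors[$field] = "invalid $field";
        }
    }
    return $errors;
}
// Inserts a validated ad. Values are bound as parameters, never pasted
// into the SQL string, so per-field escaping is no longer the defence.
function insertAd(PDO $pdo, array $input): int
{
    $errors = validateAd($input);
    if ($errors !== []) {
        throw new InvalidArgumentException(implode('; ', $errors));
    }
    $stmt = $pdo->prepare(
        'INSERT INTO ads (name, tel, email, headline, text, price)
         VALUES (:name, :tel, :email, :headline, :text, :price)'
    );
    $stmt->execute([
        ':name'     => $input['name'],
        ':tel'      => $input['tel'],
        ':email'    => $input['email'],
        ':headline' => $input['headline'],
        ':text'     => $input['text'],
        ':price'    => (int) $input['price'],
    ]);
    return (int) $pdo->lastInsertId();
}
```

Reject on any non-empty result from validateAd() before calling insertAd(); the client-side checks then only improve the user experience rather than carrying the security.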