Before trying anything here, make sure you have exported your database completely, as described on the last page.

SQL injection is where a user types nasty data into an HTML form. That data includes some SQL code. The data is passed as usual via PHP to the database server, which treats it as commands, not data. SQL injection can allow a user to see all the data in your database, delete it all or put new data in. You probably do not want that, and banks and shops are even less keen.

Be aware that the protection method used in this example protects you fairly well when making the sort of site you have been making. If you go on to make more complex sites (for example a content management system or something like phpMyAdmin) there are extra risks.

Make sure you also consider all of the PHP security precautions already covered.
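
To make the "commands not data" point concrete, here is an added illustration that is not part of the original tutorial and may use a different protection method from the one the tutorial goes on to show. It assumes PHP with the PDO SQLite driver so it runs without a database server; the `members` table, its rows, the function names and the form value are all constructed for the example.

```php
<?php
// Added illustration: in-memory SQLite via PDO, so no server is needed.
// Table, columns and rows are constructed for this example.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, email TEXT)");
$db->exec("INSERT INTO members (name, email) VALUES
           ('alice', 'alice@example.com'), ('bob', 'bob@example.com')");

// Stands in for $_POST['name'] arriving from an HTML form (constructed input).
$fromForm = "nobody' OR '1'='1";

// Vulnerable: the form value is pasted into the SQL text, so the quote in
// the input closes the string and the remainder is parsed as SQL.
function findUnsafe(PDO $db, string $name): array
{
    $sql = "SELECT name, email FROM members WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the SQL text is fixed; the value is sent separately as a bound
// parameter and is only ever compared as data.
function findSafe(PDO $db, string $name): array
{
    $stmt = $db->prepare("SELECT name, email FROM members WHERE name = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

printf("unsafe query returned %d row(s)\n", count(findUnsafe($db, $fromForm)));
printf("safe query returned %d row(s)\n", count(findSafe($db, $fromForm)));
printf("safe query for 'alice' returned %d row(s)\n", count(findSafe($db, 'alice')));
```

With the crafted form value, the string-built query matches every row in the table, while the prepared statement matches none because no member has that literal name.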