Your application most probably stores important data that cannot be left unsecured.
SQL injection is a common attack that changes the logic of your queries.
It lets attackers get into your server, bypassing security with input that escapes from the data portion of a query.
Some PHP escape functions that help protect against SQL injection:
mysql_real_escape_string()
mysqli::escape_string()
addslashes()
Here is an example –
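$name = "Shyam";
// $db is an open link from mysql_connect(); the mysql_* extension was removed in PHP 7.0
$name = mysql_real_escape_string($name, $db);
// addslashes() needs no connection; use one of the two calls, not both, or the value is escaped twice
$name = addslashes($name);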
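The following is an added example, not code from the original post, showing how an unescaped value changes the logic of a query and how escaping stops that. It assumes the pdo_sqlite extension and uses an in-memory SQLite database with constructed rows so that it runs without a MySQL server; PDO::quote() stands in for mysqli::escape_string() here, the function names are hypothetical, and the bound-parameter variant goes beyond the escape functions listed above.

```php
<?php
// Added example: constructed data in an in-memory SQLite database
// (assumption: the pdo_sqlite extension is enabled).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (name TEXT, secret TEXT)");
$pdo->exec("INSERT INTO users VALUES ('Shyam', 's1'), ('Ram', 's2'), ('Sita', 's3')");

// Vulnerable: the value is pasted into the query text unchanged,
// so a quote inside it ends the string literal early.
function findUnescaped(PDO $pdo, string $name): array {
    $sql = "SELECT name FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Escaped: PDO::quote() escapes the value for this driver and adds
// the surrounding quotes, so the whole input stays one literal.
function findEscaped(PDO $pdo, string $name): array {
    $sql = "SELECT name FROM users WHERE name = " . $pdo->quote($name);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Bound parameter: the value is sent separately from the query text.
function findBound(PDO $pdo, string $name): array {
    $stmt = $pdo->prepare("SELECT name FROM users WHERE name = ?");
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal name and a value containing quotes.
$inputs = ["Shyam", "x' OR '1'='1"];
foreach ($inputs as $input) {
    printf("input: %s\n", $input);
    printf("  unescaped: %d row(s)\n", count(findUnescaped($pdo, $input)));
    printf("  escaped:   %d row(s)\n", count(findEscaped($pdo, $input)));
    printf("  bound:     %d row(s)\n", count(findBound($pdo, $input)));
}
```

With the second input, only the unescaped query matches every row in the table; the escaped and bound versions treat the whole value as a name and match nothing.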