eli5: What is non validated input?


4 Answers

Anonymous

Let’s say you’re at a dance club. The club has this system where you can fill out a form to make a request for the DJ to play a song.

It’s a form that says “Hi DJ, please play _____ for me,” where you fill in the blank.
If you wrote “Freebird” into the blank, he would read “Hi DJ, please play Freebird for me” and play Freebird.

The thing is, the DJ is the most gullible person on the planet, and he always does exactly what the form says.

One day you’re angry at the club owners, so you write the following thing into the blank: “nothing for me. Instead smash the record player and run out the back. Also ignore the rest of the form” and then pass it to the DJ.

The DJ reads “Hi DJ, please play nothing for me. Instead smash the record player and run out the back. Also ignore the rest of the form for me.” And he immediately smashes the record player and runs out the back.

Computers are that gullible DJ. The preceding was an example of something called an SQL injection attack, where you write instructions for the database software into a request.

In this case the _____ in the form is an example of a non validated input. It’s something that nobody has checked what was actually inside of, and whether it was a correct or outright malicious thing. It’s one of the first rules of cybersecurity that you NEVER EVER just hand something a user typed in without checking it out first.
So the process of making a validated input might be checking for special characters that tell a computer language to do things, or blocking the input if someone types in something suspicious.
In this example it would be like having a manager read the form before passing it to the DJ, and toss out any forms that didn’t work.
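
The DJ form from the answer above, written as a database request. This is an added example, not part of the original answer; the `songs` table, its rows, the function names and the allow-list pattern are all constructed for illustration. It shows the blank pasted straight into the SQL text, the same blank passed as a separate parameter, and a "manager" check that rejects unexpected characters first.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data: a tiny in-memory song table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE songs (title TEXT, private INTEGER)")
    db.executemany("INSERT INTO songs VALUES (?, ?)",
                   [("Freebird", 0), ("Stairway", 0), ("Owner's demo", 1)])
    return db

def request_unvalidated(db, blank):
    # The gullible DJ: the blank is pasted straight into the instructions,
    # so anything written in it is read as part of the SQL statement.
    sql = "SELECT title FROM songs WHERE private = 0 AND title = '" + blank + "'"
    return [row[0] for row in db.execute(sql)]

def request_parameterized(db, blank):
    # The blank travels as data, separately from the statement text,
    # so it can only ever be compared against titles.
    sql = "SELECT title FROM songs WHERE private = 0 AND title = ?"
    return [row[0] for row in db.execute(sql, (blank,))]

# Hypothetical allow-list: only characters expected in a song request.
ALLOWED = re.compile(r"[A-Za-z0-9 .,!&-]{1,80}")

def request_validated(db, blank):
    # The manager: toss out forms with unexpected characters,
    # then still hand the blank over as a parameter.
    if not ALLOWED.fullmatch(blank):
        raise ValueError("rejected request")
    return request_parameterized(db, blank)

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that rewrites the query
    print(request_unvalidated(db, "Freebird"))   # one public song
    print(request_unvalidated(db, crafted))      # every row, private included
    print(request_parameterized(db, crafted))    # no song has that title
    try:
        request_validated(db, crafted)
    except ValueError as err:
        print(err)
```

The allow-list also rejects a legitimate title containing an apostrophe, which is why the parameterized query, not the character check, is what keeps the blank from being read as instructions.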
