It’s an SQL injection joke.

Basically, when dealing with databases, you can use SQL to search or modify the data in that database. By default, you can do this by polling the database with an SQL query. But this introduces a vulnerability called SQL injection. Basically, imagine if instead of filling in a name in the “Name” field, you filled in an SQL query. If the database admins haven’t protected themselves against it, then the database will happily run that query; You have just injected an SQL query into their database. Maybe you’re a malicious attacker, looking to get a virus onto the system, or looking to extract the data.

Protecting the database from injection is done with something called sanitizing. Basically, you set up filters to disallow SQL, so it can’t touch your database. In this comic, the database admins didn’t do that, so they were unprotected.

The actual SQL uses the student’s middle name to search for any tables named “Students” and permanently delete it. The joke is that when the school admin staff enters his name into their database, it will delete any tables named “Students” and wreck their database.

https://www.explainxkcd.com/wiki/index.php/327:_Exploits_of_a_Mom

SQL sanitization joke. Won’t affect most databases today.