This reply addresses how to protect your databases from SQL injections, should the worst come to the worst and you have allowed such attacks to take place.
if someone gains access to the admin section then they could destroy the site in a matter of seconds.
If by this you mean that they could empty your MySQL databases, then read up on using MySQL's permission system so that they cannot delete anything.
MySQL GRANT permissions.
Taken to its logical extreme, visitors to your website should only ever be able to "read" from your db and therefore have permission to change data only in those tables you permit them.
Your admin users will probably have more permissions on more tables, but think about how to deny them the ability to DROP and DELETE.
One way to do this is to flag old content as "not for display". There are pros and cons of course, e.g. you now have a "restore" feature, but you also have to deal with a ballooning amount of content.
If you are going to read up on this and take some action such as having a play with it, then beware of the big fat gotcha concerning "FLUSH PRIVILEGES".
If you don't issue that command after every alteration, you will suffer temporary madness, or worse, skip over this important layer of security because it will not seem to work.
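
The permission layout described in the reply above, as an added example that is not part of the original post. The database `site`, the tables `articles` and `comments`, the column `hidden`, and the accounts `site_public` and `site_admin` are all hypothetical, and the passwords are placeholders.

```sql
-- Run as a privileged DBA account, never as one of the application accounts.

-- "Not for display" flag: content is hidden instead of deleted, so it can be restored.
ALTER TABLE site.articles ADD COLUMN hidden TINYINT(1) NOT NULL DEFAULT 0;
ALTER TABLE site.comments ADD COLUMN hidden TINYINT(1) NOT NULL DEFAULT 0;

-- Account used by the public pages: read-only on articles,
-- and able to add (but not change or remove) comments.
CREATE USER 'site_public'@'localhost' IDENTIFIED BY '<placeholder-password-1>';
GRANT SELECT ON site.articles TO 'site_public'@'localhost';
GRANT SELECT, INSERT ON site.comments TO 'site_public'@'localhost';

-- Account used by the admin section: can create and edit content and set
-- the hidden flag, but holds no DELETE, DROP, ALTER or GRANT OPTION.
CREATE USER 'site_admin'@'localhost' IDENTIFIED BY '<placeholder-password-2>';
GRANT SELECT, INSERT, UPDATE ON site.articles TO 'site_admin'@'localhost';
GRANT SELECT, UPDATE (hidden) ON site.comments TO 'site_admin'@'localhost';

-- The command the reply warns about. It reloads the grant tables and is
-- required when those tables are edited directly with INSERT/UPDATE/DELETE;
-- account statements such as CREATE USER and GRANT reload them on their own.
FLUSH PRIVILEGES;

-- Verify what each account really holds before trusting the setup.
SHOW GRANTS FOR 'site_public'@'localhost';
SHOW GRANTS FOR 'site_admin'@'localhost';

-- What the admin section does instead of DELETE (id 42 is a constructed sample value):
UPDATE site.articles SET hidden = 1 WHERE id = 42;

-- What the public pages query:
SELECT id, title FROM site.articles WHERE hidden = 0;

-- With these grants, either account attempting
--   DELETE FROM site.articles;   or   DROP TABLE site.articles;
-- is refused by the server with a "command denied" error, even if the
-- statement arrives through an injection flaw in the application.
```

Each part of the application connects with its own account, so a flaw in the public pages is limited to what `site_public` is allowed to do.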