Basically, sandboxing is a method that allows you to test changes in your code without effecting what is already in place and being used on the web. It involves creating what is called a sandbox, which just like a children's sandbox allows you to get messy without worrying about getting all that sand (possibly broken or insecure code) in your nice garden.
Any time you want to install a new add-on, or develop a new feature, you can use sandboxing to do that without hurting your product. It's really best practice to sandbox any medium to major sized changes to your code before you implement them. It's better for you and it's better for your users.
Unless you're working on a team of other developers, you'll probably want the sandbox you create to be on your own computer. This of course, requires that you have PHP installed, as well as any other software you might be using.
All you have to do to get started is to copy all of your code, as it is, to another place. Wherever you can play with it and test it. Another server, or your own computer, it doesn't matter as long as you can run it and see results.
Those of you who use some type of version control system, git and the like, this can be referred to as creating a branch. You would create a branch of a stable version of your code, somewhere other than your live server. That would be your sandbox.
When you create your sandbox, make sure you use code that you know is already working and bug free, to the extent that is possible anyway. When you add features or just want to tweak things, it's important to know whats causing the errors you'll inevitably start to discover. Looking for a bug in your new code just to find out hours later it was a problem that already existed can be pretty frustrating. But that's the whole point of sandboxing, playing with it as much as you want without worrying about your users coming across these errors as you develop it.
If your existing software uses a lot of data, say a database, you cant just stop at copy pasting your code. It's important to think about how your code interacts with your data and vice versa. While a lot of the time you can get away with having a small sample, or even a group of test data you create, sometimes it might be necessary to use an entire copy of your database to use with your new code.
You can use sandboxing for more than just testing new code too. You can actually do quite a lot with it. You can test bug fixes or optimizations in a sandbox.
Sandboxing also gets used quite a lot in the security field. You can set up a duplicate but private server with all of your software on it and then try to break in to it using whatever means you have. This will allow you to try to break and fix your security measures all at once, without worrying about your user's experience.
There are plenty of tools and services on the web that can help with this type of thing. A quick google of "sandboxing service" or "sandbox server" or "sandboxing web software" gives plenty of useful hits.