
Ruby on Rails Question

What the heck does the "h" do when you have code nested in this "<%=h %>"?

It's driving me nuts, b/c I see code snippets using it and I cannot figure out why!
papa posted over a year ago

Ruby on Rails Answers

cliff said:
The "h" is a built-in method in Rails that escapes out HTML code in text that you happen to be rendering.

One of the uses of the "h" is to prevent cross-site scripting (CSS or XSS, depending on how extreme you're feeling) JavaScript attacks on clients.

Some people think it's kind of stupid that escaping isn't automatically done at a <%= some_string %>, but there are counter-arguments, as well.
posted over a year ago
michael said:
Also, it should be noted that h (which is an alias for html_escape) only converts four characters:
& => &amp;
" => &quot;
> => &gt;
< => &lt;

It does not include the single quote: ' which means it may be possible in some cases to perform XSS attacks while using this function. I recommend writing an escape function (or replacing html_escape with a function) that also converts:
' => &#39;
posted over a year ago
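The four-character escape michael describes, next to a five-character version that also converts the apostrophe, as an added example that is not code from the thread or from Rails itself. The function names, the lookup tables and the sample string are assumptions made for the illustration.

```ruby
# Added example (not from the thread): a four-character escape that matches
# the behaviour described above, and a five-character one that also
# neutralises the apostrophe so it cannot close a single-quoted attribute.

# Hypothetical table mirroring the four characters listed in the answer.
LEGACY_ESCAPES = {
  '&' => '&amp;',
  '"' => '&quot;',
  '>' => '&gt;',
  '<' => '&lt;',
}.freeze

# The same table plus the single quote. &#39; is used rather than &apos;
# because &apos; is not defined in HTML 4 and older browsers ignored it.
FULL_ESCAPES = LEGACY_ESCAPES.merge("'" => '&#39;').freeze

# Replace every special character in one pass using the given table.
# Regexp.union escapes the keys, so '&' and '<' are matched literally.
def escape_with(table, text)
  pattern = Regexp.union(table.keys)
  text.to_s.gsub(pattern) { |ch| table[ch] }
end

# Four-character escape, as the answer says the old h/html_escape behaved.
def legacy_html_escape(text)
  escape_with(LEGACY_ESCAPES, text)
end

# Five-character escape, the replacement the answer recommends.
def html_escape(text)
  escape_with(FULL_ESCAPES, text)
end

# True when the escaped string can no longer terminate a single-quoted
# attribute value, i.e. it contains no raw apostrophe.
def safe_in_single_quoted_attr?(escaped)
  !escaped.include?("'")
end

# Constructed sample input: harmless text that contains all five characters.
SAMPLE = %q(O'Reilly <b>"Books"</b> & Co.)

if __FILE__ == $PROGRAM_NAME
  puts legacy_html_escape(SAMPLE)   # apostrophe survives untouched
  puts html_escape(SAMPLE)          # apostrophe becomes &#39;
  puts safe_in_single_quoted_attr?(legacy_html_escape(SAMPLE))  # false
  puts safe_in_single_quoted_attr?(html_escape(SAMPLE))         # true
end
```

Current Rails versions already escape the apostrophe to &#39; in ERB::Util.html_escape, so the five-character table is what a modern h call produces.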
honeyruby said:
Hi, it will print the information which is present in that variable. <%=h%> here, if "h" already has some value in it or a string. This is how to print that information in Ruby.
posted over a year ago