Add protection for SQL injection on SQL statements

Usage of several SQL queries in database could potentially cause issues, either unintentionally (e.g. a special character in a text causes an error) or unintentionally (e.g., a SQL injection attack). need to come up with comprehensive plan for ensuring data is properly sanitized. 