Ensure that all SQLlite queries are escaped properly so users can't inject SQL in searches

We want to make sure that searches where users can type artist/album/song names escape any user input so that the user can's inject SQL and ruin the db.
