Security updates

[asd20752]

I have added some simple security updates with this pull.

• Preventing SQL injection with binding parameters instead of hard coding into SQL string.
• Checking if the requested database is a sub file of the working directory to prevent traversing of system folders.
• Checking if the database exists before opening with SQL lite to prevent new empty files to be spawned.
• Removed DEMO from README.md since they were broken anyways.