Second order sql injection fixes

[edujosemena]

🗣 Description

Sanitize outputs from all fetchall functions to prevent 2nd order sql injection attacks

💭 Motivation and context

Patch Potential Vulnerabilities

-->

✅ Pre-approval checklist

• [x] This PR has an informative and human-readable title.
• [x] Changes are limited to a single goal - eschew scope creep!
• [x] All future TODOs are captured in issues, which are referenced in code comments.
• [x] All relevant type-of-change labels have been added.
• [x] I have read the CONTRIBUTING document.
• [x] These code changes follow cisagov code standards.
• [x] All relevant repo and/or project documentation has been updated to reflect the changes in this PR.
• [x] Tests have been added and/or modified to cover the changes in this PR.
• [x] All new and existing tests pass.

[coveralls]

coverage: 26.431%. first build when pulling 4afb3d5f1889ea19a9ff9975c6ebc9a33b29622a on EM-sql-injection-fix into 1ac5df8b1d14b30ec8ed027cfeb5894c4757fb5e on develop.

[edujosemena]

@dav3r This is ready for review.