Two major things wrong here:
1) Don't hard code connections - always read them from a configuration file, or you have to change you app in many places each time you release it - and that menas releasing untested code which is going to fail one day, or developing against a "live" database which is much, much worse. When you make a mistake in yoru code, you can mess up the production database far, far too easily. Always use a config file, so you change the connection in one location.
2) Never use strings to build a SQL command with parameter values. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.
When you use strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;
Which SQL sees as three separate commands:
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
DROP TABLE MyTable;
A perfectly valid "delete the table" command
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.
So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?
I'd also suggest you have a look here:
Where should I store my data?[
^] and use that to locate the SQLite DB - you can use the same code in your setup program to copy the file there.