void possible SQL injection in function addRoomToDB.