Make the SQL search subclasses less nerve-wracking to read, by using makeList() inste...
author Tim Starling <tstarling@users.mediawiki.org>
Mon, 22 Dec 2008 12:31:15 +0000 (12:31 +0000)
committer Tim Starling <tstarling@users.mediawiki.org>
Mon, 22 Dec 2008 12:31:15 +0000 (12:31 +0000)
commit cb68c863f06861892f6b55f8c273c928feb9cc44
tree 620334b8ded7acddd158eedee362d3d6501b9e53
parent 333567ce66908f1bad2d8d381221ab8804fc647a
Make the SQL search subclasses less nerve-wracking to read, by using makeList() instead of implode(), addQuotes() instead of strencode(), and by documenting the fact that parseQuery() is intentionally returning an SQL fragment to be included into a query without further escaping. No actual vulnerabilities fixed, due to effective UI-side validation, so this is just to minimise reviewer anxiety.
includes/SearchMySQL.php
includes/SearchOracle.php
includes/SearchPostgres.php