
What exactly is the problem you're attempting to solve with this?

Bonus questions:

What about maintenance or admin queries which aren't tied to a specific user_id?

What about sql injection?



> What exactly is the problem you're attempting to solve with this?

Keeping all database access in one place to avoid having selects around the codebase.

> What about maintenance or admin queries which aren't tied to a specific user_id?

This is the web interface for users; all admin stuff is done elsewhere.

> What about sql injection?

The selects are passed as parameterised queries, so the where clause would be 'title = %s AND folder = %s'.
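Added example, not part of the thread: a sketch of the pattern the reply describes, with every select behind one function that takes a placeholder-only where clause plus values and always adds the user_id scope. The table, function names and sample rows are assumptions, and Python's sqlite3 is used so it runs offline, which means `?` placeholders instead of the `%s` in the comment.

```python
import sqlite3

# Hypothetical schema and names; sqlite3 uses "?" where the comment's driver uses "%s".
ALLOWED_COLUMNS = {"title", "folder"}

def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE documents (user_id INTEGER, title TEXT, folder TEXT)")
    conn.executemany(
        "INSERT INTO documents VALUES (?, ?, ?)",
        [(1, "notes", "work"), (1, "taxes", "home"), (2, "notes", "work")],
    )
    return conn

def select_documents(conn, user_id, where="", params=()):
    """Single place for selects: the caller supplies a placeholder-only WHERE
    fragment plus values; the user_id scope is always added here."""
    sql = "SELECT title, folder FROM documents WHERE user_id = ?"
    if where:
        # Parentheses keep an OR inside the fragment from escaping the scope.
        sql += " AND (" + where + ")"
    return conn.execute(sql, (user_id, *params)).fetchall()

def where_from_filters(filters):
    """Build the fragment from an allow-list of column names so that no
    request-derived text ever becomes part of the SQL string."""
    unknown = set(filters) - ALLOWED_COLUMNS
    if unknown:
        raise ValueError(f"unsupported filter column(s): {sorted(unknown)}")
    cols = sorted(filters)
    return " AND ".join(f"{c} = ?" for c in cols), tuple(filters[c] for c in cols)

if __name__ == "__main__":
    conn = make_db()
    where, params = where_from_filters({"title": "notes", "folder": "work"})
    print(where)
    print(select_documents(conn, 1, where, params))
    # A value containing SQL syntax is compared as a literal string.
    print(select_documents(conn, 1, "title = ?", ("notes' OR '1'='1",)))
```

Binding protects only the values; the where string itself has to be assembled by code such as `where_from_filters`, never taken from request text.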



