Hi Naz.
Firstly, one thing to realise is that messages NEVER arrive at the same time. So where you have user_id, first_name and last_name linked to a done button - this is never going to work.
Secondly, you risk sql injection by concatinating strings to generate SQL Queries.
To simplify user input and to avoid SQL Injection, use the ui_form - it has sends all values entered in one msg. Also, use node-red-contrib-mssql-plus as it allows you to use parameters (that negate SQL injection)
Example...
I recommend every new user watches this playlist: Node-RED Essentials. The videos are done by the developers of node-red. They're nice & short and to the point. You will understand a whole lot more in about 1 hour. A small investment for a lot of gain.
