Dashboard and MS SQL database - number and text input nodes

Hi Naz.

Firstly, one thing to realise is that messages NEVER arrive at the same time. So where you have user_id, first_name and last_name linked to a done button - this is never going to work.

Secondly, you risk sql injection by concatinating strings to generate SQL Queries.

To simplify user input and to avoid SQL Injection, use the ui_form - it has sends all values entered in one msg. Also, use node-red-contrib-mssql-plus as it allows you to use parameters (that negate SQL injection)

Example...
image

image

WcueduFvDl


I recommend every new user watches this playlist: Node-RED Essentials. The videos are done by the developers of node-red. They're nice & short and to the point. You will understand a whole lot more in about 1 hour. A small investment for a lot of gain.

1 Like