Use Stored Procedures for Updates and Insertions

Coding static SQL in an Active Server Page (ASP) is perhaps the easiest way to provide dynamic data content in Web pages. However, try to avoid this and use a stored procedure wherever possible for such updates and insertions. Static SQL code in an ASP page is exposed to the Web site as well as to potential hackers.

To minimize this exposure, it is often better to call a stored procedure, which in turn performs the required updates or inserts. You can grant the ID that calls the stored procedure the appropriate permissions to access and modify objects and data. This acts as a shield between the Web site and the actual data being changed.
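
One way to set up the shield described above, as an added example that is not code from the original page. It assumes Microsoft SQL Server (T-SQL); the table `dbo.Orders`, the procedure `dbo.usp_InsertOrder` and the user `WebAppUser` are hypothetical names.

```sql
-- Hypothetical table that the Web site must be able to add rows to.
CREATE TABLE dbo.Orders (
    OrderId    INT IDENTITY(1,1) PRIMARY KEY,
    CustomerId INT           NOT NULL,
    Item       NVARCHAR(100) NOT NULL,
    Quantity   INT           NOT NULL,
    CreatedAt  DATETIME      NOT NULL DEFAULT (GETDATE())
);
GO

-- The only write path offered to the Web site. Parameters are typed and the
-- statement is static (no dynamic SQL), so input is always treated as data.
CREATE PROCEDURE dbo.usp_InsertOrder
    @CustomerId INT,
    @Item       NVARCHAR(100),
    @Quantity   INT
AS
BEGIN
    SET NOCOUNT ON;

    -- Business rule enforced next to the data, not in the page.
    IF @Quantity IS NULL OR @Quantity <= 0
    BEGIN
        RAISERROR('Quantity must be a positive number.', 16, 1);
        RETURN 1;
    END

    INSERT INTO dbo.Orders (CustomerId, Item, Quantity)
    VALUES (@CustomerId, @Item, @Quantity);

    SELECT SCOPE_IDENTITY() AS NewOrderId;
    RETURN 0;
END
GO

-- The ID the ASP pages connect as (hypothetical; created without a login
-- here only so the check below can impersonate it).
CREATE USER WebAppUser WITHOUT LOGIN;
GRANT EXECUTE ON dbo.usp_InsertOrder TO WebAppUser;  -- no rights on dbo.Orders itself
GO

-- Check the result as that ID: the procedure works, direct table access does not.
EXECUTE AS USER = 'WebAppUser';
EXEC dbo.usp_InsertOrder @CustomerId = 42, @Item = N'Widget', @Quantity = 3;   -- succeeds
INSERT INTO dbo.Orders (CustomerId, Item, Quantity) VALUES (42, N'Widget', 3); -- fails: permission denied
REVERT;
```

The procedure can write to the table without `WebAppUser` holding any table permission because both objects have the same owner (ownership chaining); building the statement as dynamic SQL inside the procedure would break that chain.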

