Database Access

Nov 4 2005 9:04 AM
I am new to ASP and a programming friend of mine told me that the best way to access a DB is to write procedures in the DB and have the ASP pages call the procedures.  That way you can encapsulate the calls to the DB.

My question is this: With ASP.net, will this method still be the "best practice" for protecting your data on the WEB?