I am new to ASP and a programming friend of mine told me that the best way to access a DB is to write procedures in the DB and have the ASP pages call the procedures. That way you can encapsulate the calls to the DB.
My question is this: With ASP.net, will this method still be the "best practice" for protecting your data on the WEB?