Response.Write or plain ol' HTML

What is better coding practice, with speed in mind (Classic ASP):

sPg=sPg& "<select id=""actions"" onchange=""emact(this.value)"">"
sPg=sPg& "<option value=""""></option>"
sPg=sPg& "<option value=""read"">read</option>"
sPg=sPg& "<option value=""unread"">unread</option>"
sPg=sPg& "<option value=""spam"">spam</option>"
sPg=sPg& "<option value=""unspam"">unspam</option>"
sPg=sPg& "<option value=""delete"">delete</option>"
sPg=sPg& "<option value=""undelete"">undelete</option>"

OR

<select id="actions" onchange="emact(this.value)">
<option></option>
<开发者_运维技巧option value="read">read</option>
<option value="unread">unread</option>
<option value="spam">spam</option>
<option value="unspam">unspam</option>
<option value="delete">delete</option>
<option value="undelete">undelete</option>

think this, but on a way larger scale (online store backend written this way almost completely, working on a new version) - I am going convert it all to easy to manage HTML instead of response.write each time, but I just want to know the by doing that, I am not digging myself a hole.

If you are re-writing why are you going to use 10 year old technology?

(Use the 2nd one.)

That's what I would do.

There is absolutely no good reason to go with creating the whole HTML structure through string concatenation, and you will gain a bit of performance by changing to straight HTML.

It would also be more maintainable, as you won't have to worry about escaping quotes and making sure your strings are properly concatenated.

Wouldn't the argument for using Response.Write over HTML be the same one for parameterizing SQL statements over straight SQL queries? Meaning, to close a few loopholes for possible injection?