You took the route of a quick hack as stated in your comments by doing rhis:
sql="INSERT INTO Customers (ID,firstName,lastName) VALUES ('" & Request.Form("id") & "','" & Request.Form("fistname") & "','" & Request.Form("lastname") & "')"
Let me persist in stating that to prevent several issues (sql injection being one of them) you could leverage the use of paramterized queries.
I assume you have an ADO command somewhere after your sql statement. It is much safer if you use command parameters to send parameters from the website to the query.
command.CommandText = "INSERT INTO Customers (ID,firstName,lastName) VALUES (?,?,?)"
Set param = command.CreateParameter ("id", adInteger, adParamInput)
param.value = Request.Form("id")
command.Parameters.Append param
Set param2 = command.CreateParameter ("firstname", adVarWChar, adParamInput, 50)
param2.value = Request.Form("firstname")
command.Parameters.Append param2
Set param3 = command.CreateParameter ("lastname", adVarWChar, adParamInput, 50)
param3.value = Request.Form("lastname")
command.Parameters.Append param3
command.Execute
Have a look at Command Object Parameters for more background.