You might even separate the layers into separate processes, perhaps even on separate machines.
We've done that with very good results. There are benefits to be had from protecting the application from the "messy" database design: if you normalize your database design - as you should - the database tables often bear very little resemblance to wwhat the user sees. Keeping that mapping in a tightly controlled module is Good(TM). Further benefits are to be got from using stored procedures (as Abigail-II notes)
Having the front-end (user and possibly badguy accessible) macine not having direct access to your valuable database is also a security bonus.