As with most "code vs database" arguments, it depends.
If your database (or table) is going to be accessed by a lot of different customers (i.e. teams who don't work closely together), then the database should protect itself. Ideally, everything should be done via stored procedures.
If a single application has access to the database, then that application can contain the business logic. In this case, everything should be done by the one application, and that application accesses the database.
