Heya, hukam.
You're talking about MS SQL?
You will need to have your database installed somewhere. It doesn't have to be on the same machine as your web server, but for convenience, most developers like to set it up that way.
The database server does need to be running when you want to access the data in your database.
In terms of the code, it depends on which language you're using to code your application. I would presume you're using ASP[.NET]. Is this correct?
In terms of securing your code against hackers, have a look at
this page.