I don't think it's the dbms that has problems. But the language used to build the SQL queries (Php, Perl, VBScript, or whatever) might interpret or misinterpret special characters before passing them on the the database.
And yes, you should check every character. Perl has the concept of "tainted" variables, it keeps track of which values have come in from some outside source and cannot be trusted. Php doesn't go that far but it has some built-in functions to help. There's discussion of tainting and untainting in the manual.
