Are you sure you want to blacklist only those characters? Usually a much safer approach is to whitelist only the acceptable characters.
If you want to ensure your data is kept pure, the safest place to do this is at source, using an INSERT/UPDATE trigger.
You could write a UDF that does this in T-SQL, or for best performance, implement it as a CLR function using C# or similar.
Doing this only in SQL could cause validation issues, though. E.g., if the user has only entered invalid characters on a required field, they essentially have given you no input, so your GUI will likely need to throw a validation error. So, best to have validation checks for usability in your front-end, and triggers for data integrity on the back end.