I have a bat file which executes a bunch of SQL scripts when I install my application. In the installation dialogs the user sets dbname, login and password, which are then used in this bat
You need to escape the percent (%) character and the caret (^) character by doubling them. Here is a list of problematic command line characters
SET _pswr="!#$%%^^&*()<>"
Tested as well with a Windows batch file on Windows 2008 Server SP2 with sqlcmd. Only needed to escape the % sign as %%. No need to escape the ^.