I've seen that SQL injection strings are often constructed like this:
' ; DROP DATABASE db --
Therefore, if I disallow the use of semicolons in my application's inputs, does this 100% prevent any SQL injection attack?
No it does not prevent sql injection attacks. Any time you're dynamically constructing SQL either in the client side, or with the EXEC inside a stored proc, you are at risk.
Parameterized queries are the preferred way to get your input into query.