No, set no maximum limit! Set no limit to what characters can be used. If I want to enter an 120 char password word I should be allowed to. Understand if you properly handle passwords there should be no issue. By properly handling I mean using a one-way hashing function like sha256. Then it won't matter what a user enters it will always be the same length and same character set for the database.
Do you see? My long complicated password is now hashed in a hexadecimal string of a fixed length. No need for escaping or filtering.
echo hash( 'sha256', '\\1rjLX4iHGT,=05`+@".):QI5ah?\'q`aCk1C>u0>T\'JM/_9WSN>C/EQe#3VZ:>U&&<HNpDM:^*`fM[&N\\@m!!Lp\'\'J8XG6C>I*ILf\'Rp)6t2f=b^' );