Not so much because the SQL parser was bad (although that does occur occasionally), but because the person didn't know SQL in general or that specific dialect of SQL very well.
I actually had a bug in some of my DB2 SQL code some time ago, where I had a multiple line SQL statment with line continuation characters (so the parser saw the code as a single line ), and I put a -- comment at the end of one of my lines before the \\. The query ran fine, but I didn't know that the -- caused the parser to ignore everything else in the SQL statement.
Then I started getting results I wasn't expecting, rows were included, that were supposed to be excluded. I started investigating. By the time I figured it out, I was cursing DB2 SQL big time. Now, I know better. It took me about 2-3 hours to figure it out.
In SQL, -- comments cause everthing to be ignored to the end of the line. If you use line continuation characters, then everything on subsequent lines is ignored, too!
These kinds of bugs are the ones that separate the people who have been in a CS class in college (where parser principles are taught), from everyone else. I've seen people who didn't understand parsing spend WEEKS trying to figure out these kinds of problems. They end up reading the manual or asking someone before they "get it".