You have to look at what the access point supports to determine that. What you are looking for in that case is often called Station Separation, or Layer2 Isolation, etc. etc. etc. Most manufactures are going to have their own name for the same thing. MikroTik calls it default forwarding on their wireless cards. One very important thing to keep in mind here with wireless is that this will not necessarily stop someone sniffing the wireless traffic. Since the traffic is being broadcast in clear text if there is no encryption going on between the client and the AP, anyone that is in range can listen in and on this traffic. All it is doing is preventing an end user from connecting to and talking to another computer over the network itself.
As for the switch, you are looking for a decent managed one. You are more specifically looking for one that supports port isolation, VLANs, layer 2 security features such as ARP and DHCP inspection. Port Isolation on a Cisco is run by "switchport protected", 3Com switches if they support it is "port isolate". The basic concept here is, any traffic coming in on this port cannot go out of any other port than the uplink port, i.e. the only port not in protected mode. We extensively use the 3Com 4500 series of switches for their price point and the features.