This is not something that you should be handling at the client. Using best practice JDBC techniques, such as prepared statements, is the way to handle SQL injection.
I'll move this off to the JDBC forum for further advice.
Moving to Object Relational mapping forum, although I suspect SQL injection is not possible in Hibernate since there are no direct SQL queries. SQL injection only plays a part when you are forwarding input directly into a SQL query such as