In fact what you want is to prevent XSS attacks using specials character. So you don't really have to care about the characters present in the String. You just have to espace them before doing any operation on your database, using a function with the same purposes as htmlspecialchars()
in PHP.
Obviously such conversion can also be done in Java.
To replace all HTML entities (source) :
String source = "Escape the less than sign (<) and ampersand (&)";
String escaped = StringEscapeUtils.escapeHtml(source);
// Will output "Escape the less than sign (<) and ampersand (&)"
To replace only a select subset of characters (source) :
String escaped = StringUtils.replaceEach(source, new String[]{"&", "<"}, new String[]{"&", "<"});
EDIT :
To take your example, you would have to espace special characters in the variable reqnum
because you'll use it in your SQL request :
String checkreq="";
String reqnum=(String)findrequestmodel.requestno.trim();
reqnum = StringEscapeUtils.escapeHtml(reqnum); // Espace special characters
// ... skipped code ...
rs=stmt.executeQuery(" select * from myadmin where reference_no='"+reqnum+"'"); // Safe
Alternative (and better) solution
You should not handle this by yourself, but use something called PreparedStatement which can do it for you, plus other useful stuff.