Java regular expression to prevent SQL injection

During my burp suite test there are some SQL Injection vulnerabilities reported by the tool even after using prepared statement

Eg :

SELECT address, state, status, plan, remarks, FROM archive  
LEFT OUTER JOIN site_mappings ON site_dn = mrbts AND
siteid = id where ((UPPER(technology) like 
UPPER(?)))

 ps.setString(1, "%" +value+ "%");

Below are few SQL injection strings used by the tool

1. '%2b(select*from(select(sleep(20)))a)%2b'

2. '

3. "

I have filter function to white list the value and raise SQLException to prevent injection.

Pattern pattern = Pattern.compile("['"*$]");
        Matcher matcher = pattern.matcher(value);
        if (matcher.find()) {
            throw new SQLException("Invalid filter value");
        }

It does not work for '%2b(select*from(select(sleep(20)))a)%2b' .

Issue detail :

The payload '+(select*from(select(sleep(20)))a)+‘ was submitted in the parameter. The application took 20011 milliseconds to respond to the request, compared with 24 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

How to create regular expression to prevent from SQL injection ?