Open
Description
It is recommended to change the JdbcTemplate to NamedJdbcTemplate.
1. JdbcTemplate sets parameters by position. If a query parameter has no value, the resulting SQL statement does not meet expectations.
2. With NamedJdbcTemplate, you do not need to worry about the position of parameters in the SQL statement. Using NamedJdbcTemplate can avoid SQL injection.
3. Some SQL parameters may cause SQL injection through string concatenation (+) assignment,
for example:
like "SELECT data_id,group_id,tenant_id,datum_id,app_name,content FROM config_info_aggr WHERE data_id= ? AND "
+ "group_id= ? AND tenant_id= ? ORDER BY datum_id LIMIT " + startRow + "," + pageSize;
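As an added illustration (not code from the issue or the project), the same query written with Spring's NamedParameterJdbcTemplate, where the LIMIT bounds are bound as parameters instead of being spliced into the SQL text; the DataSource and the helper names are assumed.

```java
import java.util.List;
import java.util.Map;
import javax.sql.DataSource;
import org.springframework.jdbc.core.namedparam.MapSqlParameterSource;
import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;

public class AggrQueryExample {

    // Shape quoted in the issue: data_id/group_id/tenant_id are bound with "?",
    // but startRow and pageSize are concatenated into the statement text.
    // Whatever string ends up in those two variables becomes part of the SQL.
    static String concatenatedSql(String startRow, String pageSize) {
        return "SELECT data_id,group_id,tenant_id,datum_id,app_name,content FROM config_info_aggr WHERE data_id= ? AND "
            + "group_id= ? AND tenant_id= ? ORDER BY datum_id LIMIT " + startRow + "," + pageSize;
    }

    // Hardened form: the SQL text is a constant and every value, including the
    // LIMIT bounds, is a named parameter. Input cannot change the statement's
    // structure, and the names make the binding order irrelevant.
    static final String SAFE_SQL =
        "SELECT data_id,group_id,tenant_id,datum_id,app_name,content FROM config_info_aggr "
        + "WHERE data_id = :dataId AND group_id = :groupId AND tenant_id = :tenantId "
        + "ORDER BY datum_id LIMIT :startRow, :pageSize";

    // Assumed helper (not part of the project): runs the page query with bound values.
    static List<Map<String, Object>> findAggrPage(DataSource ds, String dataId, String groupId,
                                                  String tenantId, int startRow, int pageSize) {
        NamedParameterJdbcTemplate jdbc = new NamedParameterJdbcTemplate(ds);
        MapSqlParameterSource params = new MapSqlParameterSource()
            .addValue("dataId", dataId)
            .addValue("groupId", groupId)
            .addValue("tenantId", tenantId)
            .addValue("startRow", startRow)   // bound as an integer, never spliced into the text
            .addValue("pageSize", pageSize);
        return jdbc.queryForList(SAFE_SQL, params);
    }
}
```

MySQL accepts placeholders in a LIMIT clause of a prepared statement, so the paging values can be bound like any other parameter; the concatenated variant is kept only to show the pattern the issue describes.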