It is recommended to change the jdbctemplate to NamedJdbcTemplate，avoid sql injection

[beijixing1745]

It is recommended to change the jdbctemplate to NamedJdbcTemplate。

1.jdbctemplate set param by position，The query parameter has no value, resulting in the SQL statement not meeting the expectation。
2.NamedJdbcTemplate set param，Don't worry about the position of parameters in the sql statement。use NamedJdbcTemplate can avoid sql injection。
3.Some sql parameters may cause sql injection through string+assignment.
like "SELECT data_id,group_id,tenant_id,datum_id,app_name,content FROM config_info_aggr WHERE data_id= ? AND "
+ "group_id= ? AND tenant_id= ? ORDER BY datum_id LIMIT " + startRow + "," + pageSize;

[KomachiSion]

The startRow and pageSize must be int type, so has no sql injection problem.

But the NamedJdbcTemplate maybe can used to improve the SQL plugin usage. It can be researched.

[beijixing1745]

The jdbctemplate is replaced by NamedJdbcTemplate. Through parameter naming and assignment, the dynamic splicing of sql queries can be improved and the possibility of parameter assignment errors can be reduced.