1. JdbcTemplate is thread-safe, so a single instance of JdbcTemplate is enough for the whole system, unless you have more than one data source.
2. NamedParameterJdbcTemplate
String sql = "select * from t where t.firstName = :firstName ";
You can then provide the parameter value with a map:
map.put("firstName", "xxx");
or with a Java bean:
bean.setFirstName("xxx");
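
Both ways of supplying :firstName, shown end to end as an added example (not code from the original note). It assumes spring-jdbc and the H2 driver are on the classpath; the Person bean, the in-memory database URL and the sample rows are hypothetical and constructed for the demonstration.

```java
import java.util.HashMap;
import java.util.Map;
import org.springframework.jdbc.core.namedparam.BeanPropertySqlParameterSource;
import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;
import org.springframework.jdbc.datasource.DriverManagerDataSource;

public class NamedParamDemo {
    // Hypothetical bean; the property name must match the :firstName placeholder.
    public static class Person {
        private String firstName;
        public String getFirstName() { return firstName; }
        public void setFirstName(String firstName) { this.firstName = firstName; }
    }

    public static void main(String[] args) {
        // Assumed in-memory H2 database so the example runs offline.
        DriverManagerDataSource ds =
                new DriverManagerDataSource("jdbc:h2:mem:demo;DB_CLOSE_DELAY=-1", "sa", "");
        // One template per data source; the same instance can be shared across threads.
        NamedParameterJdbcTemplate jdbc = new NamedParameterJdbcTemplate(ds);
        jdbc.getJdbcOperations().execute(
                "create table t (id int primary key, firstName varchar(64))");

        // Constructed sample rows, inserted with named parameters as well.
        String insert = "insert into t (id, firstName) values (:id, :firstName)";
        Map<String, Object> row = new HashMap<>();
        row.put("id", 1);
        row.put("firstName", "xxx");
        jdbc.update(insert, row);
        row.put("id", 2);
        row.put("firstName", "O'Brien");
        jdbc.update(insert, row);

        String sql = "select count(*) from t where t.firstName = :firstName";

        // Option 1: a map keyed by parameter name.
        Map<String, Object> map = new HashMap<>();
        map.put("firstName", "xxx");
        Integer byMap = jdbc.queryForObject(sql, map, Integer.class);

        // Option 2: a Java bean whose getter supplies the value.
        Person bean = new Person();
        bean.setFirstName("O'Brien"); // bound as data, so the quote needs no escaping
        Integer byBean = jdbc.queryForObject(
                sql, new BeanPropertySqlParameterSource(bean), Integer.class);

        System.out.println("map match: " + byMap + ", bean match: " + byBean);
    }
}
```

Because the value travels as a bound parameter of a prepared statement rather than being concatenated into the SQL text, characters such as the quote in O'Brien cannot change the statement.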