diff --git a/apps/dav/lib/CalDAV/CalDavBackend.php b/apps/dav/lib/CalDAV/CalDavBackend.php
index 2754b72b2ebe4..a9942f83a9a68 100644
--- a/apps/dav/lib/CalDAV/CalDavBackend.php
+++ b/apps/dav/lib/CalDAV/CalDavBackend.php
@@ -2684,10 +2684,10 @@ public function createSchedulingObject($principalUri, $objectUri, $objectData) {
 	 * @param int $calendarType
 	 * @return void
 	 */
-	protected function addChange($calendarId, $objectUri, $operation, $calendarType = self::CALENDAR_TYPE_CALENDAR) {
-		$this->atomic(function () use ($calendarId, $objectUri, $operation, $calendarType) {
-			$table = $calendarType === self::CALENDAR_TYPE_CALENDAR ? 'calendars': 'calendarsubscriptions';
+	protected function addChange(int $calendarId, string $objectUri, int $operation, int $calendarType = self::CALENDAR_TYPE_CALENDAR): void {
+		$table = $calendarType === self::CALENDAR_TYPE_CALENDAR ? 'calendars': 'calendarsubscriptions';
 
+		$this->atomic(function () use ($calendarId, $objectUri, $operation, $calendarType, $table) {
 			$query = $this->db->getQueryBuilder();
 			$query->select('synctoken')
 				->from($table)
@@ -2707,10 +2707,11 @@ protected function addChange($calendarId, $objectUri, $operation, $calendarType
 				])
 				->executeStatement();
 
-			$stmt = $this->db->prepare("UPDATE `*PREFIX*$table` SET `synctoken` = `synctoken` + 1 WHERE `id` = ?");
-			$stmt->execute([
-				$calendarId
-			]);
+			$query = $this->db->getQueryBuilder();
+			$query->update($table)
+				->set('synctoken', $query->createNamedParameter($syncToken + 1, IQueryBuilder::PARAM_INT))
+				->where('id', $query->createNamedParameter($calendarId))
+				->executeStatement();
 		}, $this->db);
 	}
 
diff --git a/apps/dav/lib/CardDAV/CardDavBackend.php b/apps/dav/lib/CardDAV/CardDavBackend.php
index 54b83ad7af895..686cd16175243 100644
--- a/apps/dav/lib/CardDAV/CardDavBackend.php
+++ b/apps/dav/lib/CardDAV/CardDavBackend.php
@@ -923,20 +923,31 @@ public function getChangesForAddressBook($addressBookId, $syncToken, $syncLevel,
 	 * @param int $operation 1 = add, 2 = modify, 3 = delete
 	 * @return void
 	 */
-	protected function addChange($addressBookId, $objectUri, $operation) {
+	protected function addChange(int $addressBookId, string $objectUri, int $operation): void {
 		$this->atomic(function () use ($addressBookId, $objectUri, $operation) {
-			$sql = 'INSERT INTO `*PREFIX*addressbookchanges`(`uri`, `synctoken`, `addressbookid`, `operation`) SELECT ?, `synctoken`, ?, ? FROM `*PREFIX*addressbooks` WHERE `id` = ?';
-			$stmt = $this->db->prepare($sql);
-			$stmt->execute([
-				$objectUri,
-				$addressBookId,
-				$operation,
-				$addressBookId
-			]);
-			$stmt = $this->db->prepare('UPDATE `*PREFIX*addressbooks` SET `synctoken` = `synctoken` + 1 WHERE `id` = ?');
-			$stmt->execute([
-				$addressBookId
-			]);
+			$query = $this->db->getQueryBuilder();
+			$query->select('synctoken')
+				->from('addressbooks')
+				->where($query->expr()->eq('id', $query->createNamedParameter($addressBookId)));
+			$result = $query->executeQuery();
+			$syncToken = (int)$result->fetchOne();
+			$result->closeCursor();
+
+			$query = $this->db->getQueryBuilder();
+			$query->insert('addressbookchanges')
+				->values([
+					'uri' => $query->createNamedParameter($objectUri),
+					'synctoken' => $query->createNamedParameter($syncToken),
+					'addressbookid' => $query->createNamedParameter($addressBookId),
+					'operation' => $query->createNamedParameter($operation),
+				])
+				->executeStatement();
+
+			$query = $this->db->getQueryBuilder();
+			$query->update('addressbooks')
+				->set('synctoken', $query->createNamedParameter($syncToken + 1, IQueryBuilder::PARAM_INT))
+				->where('id', $query->createNamedParameter($addressBookId))
+				->executeStatement();
 		}, $this->db);
 	}