diff --git a/lib/private/Share/Helper.php b/lib/private/Share/Helper.php
index 90dc3e957e9fa1876daa78c93cd1c7b8ba6d9432..a992330b577fac2f2105b7f8a7c1235a2f9e1137 100644
--- a/lib/private/Share/Helper.php
+++ b/lib/private/Share/Helper.php
@@ -31,6 +31,7 @@
 namespace OC\Share;
 
 use OC\HintException;
+use OCP\DB\QueryBuilder\IQueryBuilder;
 use OCP\Share\IShare;
 
 class Helper extends \OC\Share\Constants {
@@ -89,31 +90,30 @@ class Helper extends \OC\Share\Constants {
 		$changeParent = [];
 		$parents = [$parent];
 		while (!empty($parents)) {
-			$parents = "'".implode("','", $parents)."'";
-			// Check the owner on the first search of reshares, useful for
-			// finding and deleting the reshares by a single user of a group share
-			$params = [];
-			if (count($ids) == 1 && isset($uidOwner)) {
-				// FIXME: don't concat $parents, use Docrine's PARAM_INT_ARRAY approach
-				$queryString = 'SELECT `id`, `share_with`, `item_type`, `share_type`, ' .
-					'`item_target`, `file_target`, `parent` ' .
-					'FROM `*PREFIX*share` ' .
-					'WHERE `parent` IN ('.$parents.') AND `uid_owner` = ? ';
-				$params[] = $uidOwner;
-			} else {
-				$queryString = 'SELECT `id`, `share_with`, `item_type`, `share_type`, ' .
-					'`item_target`, `file_target`, `parent`, `uid_owner` ' .
-					'FROM `*PREFIX*share` WHERE `parent` IN ('.$parents.') ';
+			$query = \OC::$server->getDatabaseConnection()->getQueryBuilder();
+			$query->select(
+				'id', 'share_with', 'item_type', 'share_type',
+				'item_target', 'file_target', 'parent'
+				)
+				->from('share')
+				->where($query->expr()->in('parent', $query->createNamedParameter(
+					$parents, IQueryBuilder::PARAM_INT_ARRAY
+				)));
+
+			if (count($ids) === 1 && isset($uidOwner)) {
+				// Check the owner on the first search of reshares, useful for
+				// finding and deleting the reshares by a single user of a group share
+				$query->andWhere($query->expr()->eq('uid_owner', $uidOwner));
 			}
+
 			if ($excludeGroupChildren) {
-				$queryString .= ' AND `share_type` != ?';
-				$params[] = self::$shareTypeGroupUserUnique;
+				$query->andWhere($query->expr()->eq('share_type', self::$shareTypeGroupUserUnique));
 			}
-			$query = \OC_DB::prepare($queryString);
-			$result = $query->execute($params);
+
+			$result = $query->execute();
 			// Reset parents array, only go through loop again if items are found
 			$parents = [];
-			while ($item = $result->fetchRow()) {
+			while ($item = $result->fetch()) {
 				$tmpItem = [
 					'id' => $item['id'],
 					'shareWith' => $item['share_with'],
@@ -135,20 +135,24 @@ class Helper extends \OC\Share\Constants {
 					$parents[] = $item['id'];
 				}
 			}
+			$result->closeCursor();
 		}
 		if ($excludeParent) {
 			unset($ids[0]);
 		}
 
 		if (!empty($changeParent)) {
-			$idList = "'".implode("','", $changeParent)."'";
-			$query = \OC_DB::prepare('UPDATE `*PREFIX*share` SET `parent` = ? WHERE `id` IN ('.$idList.')');
-			$query->execute([$newParent]);
+			$query = \OC::$server->getDatabaseConnection()->getQueryBuilder();
+			$query->update('share')
+				->set('parent', $query->createNamedParameter($newParent, IQueryBuilder::PARAM_INT))
+				->where($query->expr()->in('id', $query->createNamedParameter($changeParent, IQueryBuilder::PARAM_INT_ARRAY)));
+			$query->execute();
 		}
 
 		if (!empty($ids)) {
-			$idList = "'".implode("','", $ids)."'";
-			$query = \OC_DB::prepare('DELETE FROM `*PREFIX*share` WHERE `id` IN ('.$idList.')');
+			$query = \OC::$server->getDatabaseConnection()->getQueryBuilder();
+			$query->delete('share')
+				->where($query->expr()->in('id', $query->createNamedParameter($ids, IQueryBuilder::PARAM_INT_ARRAY)));
 			$query->execute();
 		}
 
diff --git a/lib/private/Share/Share.php b/lib/private/Share/Share.php
index 0648e40f16263bc16de785b36aa8c30f43a626d3..32801fe4c08326617598f1d293a2f264472139f5 100644
--- a/lib/private/Share/Share.php
+++ b/lib/private/Share/Share.php
@@ -687,14 +687,20 @@ class Share extends Constants {
 			// Remove root from file source paths if retrieving own shared items
 			if (isset($uidOwner) && isset($row['path'])) {
 				if (isset($row['parent'])) {
-					$query = \OC_DB::prepare('SELECT `file_target` FROM `*PREFIX*share` WHERE `id` = ?');
-					$parentResult = $query->execute([$row['parent']]);
-					if ($result === false) {
+					$query = \OC::$server->getDatabaseConnection()->getQueryBuilder();
+					$query->select('file_target')
+						->from('share')
+						->where($query->expr()->eq('id', $query->createNamedParameter($row['parent'])));
+
+					$result = $query->execute();
+					$parentRow = $result->fetch();
+					$result->closeCursor();
+
+					if ($parentRow === false) {
 						\OCP\Util::writeLog('OCP\Share', 'Can\'t select parent: ' .
 							\OC_DB::getErrorMessage() . ', select=' . $select . ' where=' . $where,
 							ILogger::ERROR);
 					} else {
-						$parentRow = $parentResult->fetchRow();
 						$tmpPath = $parentRow['file_target'];
 						// find the right position where the row path continues from the target path
 						$pos = strrpos($row['path'], $parentRow['file_target']);