diff --git a/ddl/column.go b/ddl/column.go
index cdcf0443f66cf..8932957593a6d 100644
--- a/ddl/column.go
+++ b/ddl/column.go
@@ -939,7 +939,12 @@ func (w *worker) doModifyColumnTypeWithData(
 				}
 				defer w.sessPool.put(ctx)
 
-				_, _, err = ctx.(sqlexec.RestrictedSQLExecutor).ExecRestrictedSQL(valStr)
+				stmt, err := ctx.(sqlexec.RestrictedSQLExecutor).ParseWithParams(context.Background(), valStr)
+				if err != nil {
+					job.State = model.JobStateCancelled
+					failpoint.Return(ver, err)
+				}
+				_, _, err = ctx.(sqlexec.RestrictedSQLExecutor).ExecRestrictedStmt(context.Background(), stmt)
 				if err != nil {
 					job.State = model.JobStateCancelled
 					failpoint.Return(ver, err)
@@ -1525,16 +1530,25 @@ func checkAndApplyNewAutoRandomBits(job *model.Job, t *meta.Meta, tblInfo *model
 // checkForNullValue ensure there are no null values of the column of this table.
 // `isDataTruncated` indicates whether the new field and the old field type are the same, in order to be compatible with mysql.
 func checkForNullValue(ctx sessionctx.Context, isDataTruncated bool, schema, table, newCol model.CIStr, oldCols ...*model.ColumnInfo) error {
-	colsStr := ""
+	var buf strings.Builder
+	buf.WriteString("select 1 from %n.%n where ")
+	paramsList := make([]interface{}, 0, 2+len(oldCols))
+	paramsList = append(paramsList, schema.L, table.L)
 	for i, col := range oldCols {
 		if i == 0 {
-			colsStr += "`" + col.Name.L + "` is null"
+			buf.WriteString("%n is null")
+			paramsList = append(paramsList, col.Name.L)
 		} else {
-			colsStr += " or `" + col.Name.L + "` is null"
+			buf.WriteString(" or %n is null")
+			paramsList = append(paramsList, col.Name.L)
 		}
 	}
-	sql := fmt.Sprintf("select 1 from `%s`.`%s` where %s limit 1;", schema.L, table.L, colsStr)
-	rows, _, err := ctx.(sqlexec.RestrictedSQLExecutor).ExecRestrictedSQL(sql)
+	buf.WriteString(" limit 1")
+	stmt, err := ctx.(sqlexec.RestrictedSQLExecutor).ParseWithParams(context.Background(), buf.String(), paramsList...)
+	if err != nil {
+		return errors.Trace(err)
+	}
+	rows, _, err := ctx.(sqlexec.RestrictedSQLExecutor).ExecRestrictedStmt(context.Background(), stmt)
 	if err != nil {
 		return errors.Trace(err)
 	}
diff --git a/ddl/util/util.go b/ddl/util/util.go
index 295376945f7c6..0c3ec2608b9eb 100644
--- a/ddl/util/util.go
+++ b/ddl/util/util.go
@@ -14,11 +14,9 @@
 package util
 
 import (
-	"bytes"
 	"context"
 	"encoding/hex"
-	"fmt"
-	"strconv"
+	"strings"
 
 	"github.com/pingcap/errors"
 	"github.com/pingcap/parser/terror"
@@ -32,12 +30,13 @@ import (
 const (
 	deleteRangesTable            = `gc_delete_range`
 	doneDeleteRangesTable        = `gc_delete_range_done`
-	loadDeleteRangeSQL           = `SELECT HIGH_PRIORITY job_id, element_id, start_key, end_key FROM mysql.%s WHERE ts < %v`
-	recordDoneDeletedRangeSQL    = `INSERT IGNORE INTO mysql.gc_delete_range_done SELECT * FROM mysql.gc_delete_range WHERE job_id = %d AND element_id = %d`
-	completeDeleteRangeSQL       = `DELETE FROM mysql.gc_delete_range WHERE job_id = %d AND element_id = %d`
-	completeDeleteMultiRangesSQL = `DELETE FROM mysql.gc_delete_range WHERE job_id = %d AND element_id in (%v)`
-	updateDeleteRangeSQL         = `UPDATE mysql.gc_delete_range SET start_key = "%s" WHERE job_id = %d AND element_id = %d AND start_key = "%s"`
-	deleteDoneRecordSQL          = `DELETE FROM mysql.gc_delete_range_done WHERE job_id = %d AND element_id = %d`
+	loadDeleteRangeSQL           = `SELECT HIGH_PRIORITY job_id, element_id, start_key, end_key FROM mysql.%n WHERE ts < %?`
+	recordDoneDeletedRangeSQL    = `INSERT IGNORE INTO mysql.gc_delete_range_done SELECT * FROM mysql.gc_delete_range WHERE job_id = %? AND element_id = %?`
+	completeDeleteRangeSQL       = `DELETE FROM mysql.gc_delete_range WHERE job_id = %? AND element_id = %?`
+	completeDeleteMultiRangesSQL = `DELETE FROM mysql.gc_delete_range WHERE job_id = %? AND element_id in (` // + idList + ")"
+	updateDeleteRangeSQL         = `UPDATE mysql.gc_delete_range SET start_key = %? WHERE job_id = %? AND element_id = %? AND start_key = %?`
+	deleteDoneRecordSQL          = `DELETE FROM mysql.gc_delete_range_done WHERE job_id = %? AND element_id = %?`
+	loadGlobalVars               = `SELECT HIGH_PRIORITY variable_name, variable_value from mysql.global_variables where variable_name in (` // + nameList + ")"
 )
 
 // DelRangeTask is for run delete-range command in gc_worker.
@@ -62,16 +61,14 @@ func LoadDoneDeleteRanges(ctx sessionctx.Context, safePoint uint64) (ranges []De
 }
 
 func loadDeleteRangesFromTable(ctx sessionctx.Context, table string, safePoint uint64) (ranges []DelRangeTask, _ error) {
-	sql := fmt.Sprintf(loadDeleteRangeSQL, table, safePoint)
-	rss, err := ctx.(sqlexec.SQLExecutor).Execute(context.TODO(), sql)
-	if len(rss) > 0 {
-		defer terror.Call(rss[0].Close)
+	rs, err := ctx.(sqlexec.SQLExecutor).ExecuteInternal(context.TODO(), loadDeleteRangeSQL, table, safePoint)
+	if rs != nil {
+		defer terror.Call(rs.Close)
 	}
 	if err != nil {
 		return nil, errors.Trace(err)
 	}
 
-	rs := rss[0]
 	req := rs.NewChunk()
 	it := chunk.NewIterator4Chunk(req)
 	for {
@@ -106,8 +103,7 @@ func loadDeleteRangesFromTable(ctx sessionctx.Context, table string, safePoint u
 // CompleteDeleteRange moves a record from gc_delete_range table to gc_delete_range_done table.
 // NOTE: This function WILL NOT start and run in a new transaction internally.
 func CompleteDeleteRange(ctx sessionctx.Context, dr DelRangeTask) error {
-	sql := fmt.Sprintf(recordDoneDeletedRangeSQL, dr.JobID, dr.ElementID)
-	_, err := ctx.(sqlexec.SQLExecutor).Execute(context.TODO(), sql)
+	_, err := ctx.(sqlexec.SQLExecutor).ExecuteInternal(context.TODO(), recordDoneDeletedRangeSQL, dr.JobID, dr.ElementID)
 	if err != nil {
 		return errors.Trace(err)
 	}
@@ -117,29 +113,31 @@ func CompleteDeleteRange(ctx sessionctx.Context, dr DelRangeTask) error {
 
 // RemoveFromGCDeleteRange is exported for ddl pkg to use.
 func RemoveFromGCDeleteRange(ctx sessionctx.Context, jobID, elementID int64) error {
-	sql := fmt.Sprintf(completeDeleteRangeSQL, jobID, elementID)
-	_, err := ctx.(sqlexec.SQLExecutor).Execute(context.TODO(), sql)
+	_, err := ctx.(sqlexec.SQLExecutor).ExecuteInternal(context.TODO(), completeDeleteRangeSQL, jobID, elementID)
 	return errors.Trace(err)
 }
 
 // RemoveMultiFromGCDeleteRange is exported for ddl pkg to use.
 func RemoveMultiFromGCDeleteRange(ctx sessionctx.Context, jobID int64, elementIDs []int64) error {
-	var buf bytes.Buffer
+	var buf strings.Builder
+	buf.WriteString(completeDeleteMultiRangesSQL)
+	paramIDs := make([]interface{}, 0, 1+len(elementIDs))
+	paramIDs = append(paramIDs, jobID)
 	for i, elementID := range elementIDs {
 		if i > 0 {
 			buf.WriteString(", ")
 		}
-		buf.WriteString(strconv.FormatInt(elementID, 10))
+		buf.WriteString("%?")
+		paramIDs = append(paramIDs, elementID)
 	}
-	sql := fmt.Sprintf(completeDeleteMultiRangesSQL, jobID, buf.String())
-	_, err := ctx.(sqlexec.SQLExecutor).Execute(context.TODO(), sql)
+	buf.WriteString(")")
+	_, err := ctx.(sqlexec.SQLExecutor).ExecuteInternal(context.TODO(), buf.String(), paramIDs...)
 	return errors.Trace(err)
 }
 
 // DeleteDoneRecord removes a record from gc_delete_range_done table.
 func DeleteDoneRecord(ctx sessionctx.Context, dr DelRangeTask) error {
-	sql := fmt.Sprintf(deleteDoneRecordSQL, dr.JobID, dr.ElementID)
-	_, err := ctx.(sqlexec.SQLExecutor).Execute(context.TODO(), sql)
+	_, err := ctx.(sqlexec.SQLExecutor).ExecuteInternal(context.TODO(), deleteDoneRecordSQL, dr.JobID, dr.ElementID)
 	return errors.Trace(err)
 }
 
@@ -147,8 +145,7 @@ func DeleteDoneRecord(ctx sessionctx.Context, dr DelRangeTask) error {
 func UpdateDeleteRange(ctx sessionctx.Context, dr DelRangeTask, newStartKey, oldStartKey kv.Key) error {
 	newStartKeyHex := hex.EncodeToString(newStartKey)
 	oldStartKeyHex := hex.EncodeToString(oldStartKey)
-	sql := fmt.Sprintf(updateDeleteRangeSQL, newStartKeyHex, dr.JobID, dr.ElementID, oldStartKeyHex)
-	_, err := ctx.(sqlexec.SQLExecutor).Execute(context.TODO(), sql)
+	_, err := ctx.(sqlexec.SQLExecutor).ExecuteInternal(context.TODO(), updateDeleteRangeSQL, newStartKeyHex, dr.JobID, dr.ElementID, oldStartKeyHex)
 	return errors.Trace(err)
 }
 
@@ -164,20 +161,25 @@ func LoadDDLVars(ctx sessionctx.Context) error {
 	return LoadGlobalVars(ctx, []string{variable.TiDBDDLErrorCountLimit})
 }
 
-const loadGlobalVarsSQL = "select HIGH_PRIORITY variable_name, variable_value from mysql.global_variables where variable_name in (%s)"
-
 // LoadGlobalVars loads global variable from mysql.global_variables.
 func LoadGlobalVars(ctx sessionctx.Context, varNames []string) error {
 	if sctx, ok := ctx.(sqlexec.RestrictedSQLExecutor); ok {
-		nameList := ""
+		var buf strings.Builder
+		buf.WriteString(loadGlobalVars)
+		paramNames := make([]interface{}, 0, len(varNames))
 		for i, name := range varNames {
 			if i > 0 {
-				nameList += ", "
+				buf.WriteString(", ")
 			}
-			nameList += fmt.Sprintf("'%s'", name)
+			buf.WriteString("%?")
+			paramNames = append(paramNames, name)
+		}
+		buf.WriteString(")")
+		stmt, err := sctx.ParseWithParams(context.Background(), buf.String(), paramNames...)
+		if err != nil {
+			return errors.Trace(err)
 		}
-		sql := fmt.Sprintf(loadGlobalVarsSQL, nameList)
-		rows, _, err := sctx.ExecRestrictedSQL(sql)
+		rows, _, err := sctx.ExecRestrictedStmt(context.Background(), stmt)
 		if err != nil {
 			return errors.Trace(err)
 		}