Contrary to the assertion presented in the statement, dynamically constructing queries with user-supplied inputs actually increases the risk of injection attacks unless proper input validation and query parameterization techniques are employed. Injection attacks, such as those targeting databases, occur when an attacker can insert or manipulate commands, leading to unintended query execution. Utilizing prepared statements with parameterized queries is one of the primary defenses against such vulnerabilities.