diff --git a/lib/request/inject.py b/lib/request/inject.py
index 5dab192ee..c3561959c 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -76,7 +76,12 @@ def _goInference(payload, expression, charsetType=None, firstChar=None, lastChar
 if not (timeBasedCompare and kb.dnsTest):
 if (conf.eta or conf.threads > 1) and Backend.getIdentifiedDbms() and not re.search("(COUNT|LTRIM)\(", expression, re.I) and not timeBasedCompare:
- length = queryOutputLength(expression, payload)
+ if field:
+ nulledCastedField = agent.nullAndCastField(field)
+ injExpression = expression.replace(field, nulledCastedField, 1)
+ else:
+ injExpression = expression
+ length = queryOutputLength(injExpression, payload)
 else:
 length = None
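Review bot: The new `expression.replace(field, nulledCastedField, 1)` rewrites the first textual occurrence of `field`, which is not guaranteed to be the selected column. If the field name also occurs earlier in `expression` as part of a longer identifier, the wrong span gets wrapped and `queryOutputLength` measures a different expression than intended. Matching on identifier boundaries would be more robust, something like `injExpression = re.sub(r"(?<!\w)%s(?!\w)" % re.escape(field), lambda _: nulledCastedField, expression, count=1)`; `re` is already used on the condition line just above. A short comment on the `if field:` branch saying why only the length query uses the rewritten expression would also help. `_goInference` starts and ends outside the hunk, and `field` does not appear in the truncated signature in the hunk header, so its origin cannot be confirmed from here.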