PHP: How to bind array parameters in Yii framework?
Notice: this page is a translated copy of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow
Original URL: http://stackoverflow.com/questions/9529406/
Asked by Cherry
I have the code below:
$inputs = "1,2,3,4,5";
$sql = "SELECT * FROM obj WHERE id IN(:input)";
$commond = Yii::app()->db->createCommand($sql);
$commond->bindValue(":input", $inputs , PDO::PARAM_STR);
But the query result is incorrect. How to bind params for such an IN condition?
Answer by Uday Sawant
For now, use it like this:
$command = Yii::app()->db->createCommand()
->select()
->from('tableName')
->where(array('in', 'id', explode(',', $inputs)));
I'll try to get back with the $command->bindValue() method.
Answer by Arth
Having come across this problem a few times in my projects, I have come up with the following Yii workaround using CDbCriteria, which is a little hacky but gives the security of param count matching.
When applied to your example, my code would be:
$inputs = array(1,2,3,4,5);
$criteria = new CDbCriteria();
$criteria->addInCondition('id',$inputs);
$sql = 'SELECT * FROM obj WHERE '.$criteria->condition;
$command = Yii::app()->db->createCommand($sql);
$results = $command->queryAll(true, $criteria->params);
UPDATE
There is actually a much cleaner way to do this built into Yii:
$results = Yii::app()->db->createCommand()
->select()
->from('obj')
->where(['in', 'id', $inputs])
->queryAll();
See Docs
Answer by Farid Abbas
There are two methods in Yii:
bindValue(), used in the mentioned question
bindValues($paramsArray), which requires i.e. $paramsArray = array(':index'=>$value)
I'm using the following code, which is working for me perfectly:
// $id is bound as a parameter as well, rather than interpolated into the SQL string
$query = "UPDATE viewing_request SET ViewingApiResponse=:ViewingApiResponse ,ViewingApiData = :ViewingApiData WHERE id=:id";
$executArray = array(
    ':ViewingApiResponse'=>$data['ViewingApiResponse'],
    ':ViewingApiData'=>$data['ViewingApiData'],
    ':id'=>$id
);
$result = Yii::$app->db->createCommand($query)
    ->bindValues($executArray)
    ->execute();
Answer by HonoredMule
Using Yii's method chaining in CDbCommand to build your query (as in Uday Sawant's answer) is generally a good choice. If having to construct the query piecemeal is not ideal, a good alternative is to flatten your array of parameters so you don't bypass SQL injection protection, like so:
$sql = "SELECT * FROM obj WHERE id IN (:id_array) AND other_field = :other_value";
$args = array(
    'id_array' => array(1, 2, 3, 4, 5),
    'other_value' => 12,
);
// Flatten array arguments into multiple parameters,
// replacing with parameter lists in the SQL
$newArgs = array();
$replace = array();
foreach($args as $oldKey => $input) {
    if(!is_array($input)) {
        $newArgs[$oldKey] = $args[$oldKey];
        continue;
    }
    $replace[':'.$oldKey] = array();
    foreach($input as $i => $value) {
        $replace[':'.$oldKey][] = ':'.$oldKey.$i;
        $newArgs[$oldKey.$i] = $value;
    }
    $replace[':'.$oldKey] = implode(', ', $replace[':'.$oldKey]);
}
$sql = strtr($sql, $replace);
$query = Yii::app()->db->createCommand($sql);
$query->params = $newArgs;
$query->queryAll();
In this example, the final SQL and arguments are:
SELECT * FROM obj WHERE id IN (:id_array0, :id_array1, :id_array2, :id_array3, :id_array4) AND other_field = :other_value
array(
'id_array0' => 1,
'id_array1' => 2,
'id_array2' => 3,
'id_array3' => 4,
'id_array4' => 5,
'other_value' => 12,
)
In projects where using raw SQL is the preferred standard, the biggest benefit is you can bundle this up as a utility function and reuse it for any query. It's a shame Yii doesn't automatically expand array arguments this way, but you can also add this support yourself to projects which directly use PDO.
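The reusable utility HonoredMule describes for projects that use PDO directly, as an added example that is not part of any answer on this page: the function name expandArrayParams, the `_N` placeholder suffix and the SQLite sample table are assumptions. It goes beyond the answer's loop by handling an empty array, placeholder names that share a prefix, and clashes between generated and existing names.

```php
<?php
// Added example: expandArrayParams() and the sample table are hypothetical.
function expandArrayParams(string $sql, array $args): array
{
    $params = [];
    foreach ($args as $name => $value) {
        if (!is_array($value)) {
            $params[':' . $name] = $value;   // scalars pass through unchanged
        }
    }
    // Match whole placeholder names, so :id is never rewritten inside :id_max.
    // Assumes the SQL text has no other colons (no '::' casts, no ':' in literals).
    $sql = preg_replace_callback(
        '/:([A-Za-z_][A-Za-z0-9_]*)/',
        function (array $m) use ($args, &$params): string {
            $name = $m[1];
            if (!isset($args[$name]) || !is_array($args[$name])) {
                return $m[0];                // scalar or unknown name: leave as is
            }
            if ($args[$name] === []) {
                return 'NULL';   // "IN ()" is a syntax error; "IN (NULL)" matches no row
            }
            $names = [];
            foreach (array_values($args[$name]) as $i => $element) {
                if (array_key_exists($name . '_' . $i, $args)) {
                    throw new InvalidArgumentException("placeholder clash: :{$name}_{$i}");
                }
                $names[] = $ph = ':' . $name . '_' . $i;
                $params[$ph] = $element;     // each element stays a bound parameter
            }
            return implode(', ', $names);
        },
        $sql
    );
    return [$sql, $params];
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE obj (id INTEGER PRIMARY KEY, other_field INTEGER)');
$pdo->exec('INSERT INTO obj VALUES (1, 12), (2, 12), (3, 7), (9, 12)');
[$sql, $params] = expandArrayParams(
    'SELECT id FROM obj WHERE id IN (:id_array) AND other_field = :other_value',
    ['id_array' => [1, 2, 3, 4, 5], 'other_value' => 12]
);
$stmt = $pdo->prepare($sql);
$stmt->execute($params);
print_r([$sql, $stmt->fetchAll(PDO::FETCH_COLUMN)]);
```

Only placeholder names are ever written into the SQL text; the list values reach the database through `execute()`, so the number of placeholders always matches the number of bound values.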