I don’t want to bind manually, it is waste of time and code since you can easily create automatic binding. I am wandering is Yii doing that or not in examples I provided in first post. You can see in debugger that yii does escaping of dangerous characters with backslashes, but you can not see that binding has been done.
I was reading some Yii core code like Query class, and from what I saw yii will not do query param bining for you, you have to do that manually.
By looking at where() method:
public function where($condition, $params = )
you can see that where() is expecting manuall binding to be specified in $params parameter. If I am not missing something, this means that if you specify only the $condition, even as an array, yii will not do params binding for you.