elasticsearch nosql injection

I’m using elastic search and I create a very simple user search using it.

how can we prevent elastic search injection using web application in Yii?

for example this is my sample code :

public function actionIndex($q){

    $query = ElasticUser::find()->query([

        "regexp" => [

            "alias" => $q,



    return $query->search();


is there any way to prevent run queries like ‘.*’ , ‘.str.’ and injecting strings like these?

http://php.net/manual/en/function.preg-quote.php ?