Yii Query Builder: Parametr binding in where() method


(AlexSmall) #1

I have this code in my controller:

class ArchController extends Controller
{
     public function actionIndex(string $date, array $rubric_id )
{
$articles = Article::find()->where('published < :date', [':date' => $date])
                           ->andWhere(['in', 'rubric', $rubric_id])
                           ->andWhere('ISNULL(arch)')->all(); 
    ...

It seems to me it is not safe because $rubric_id is user input. How can I make parametr binding, something like this:
‘:rubric_id’ => $rubric_id