For example,
```php
$connection->createCommand()->insert('user', [
    'name' => 'Sam',
    'age' => 30,
])->execute();
```
The method will properly escape the column names, and bind the values to be inserted.
Note that the created command is not executed until Command::execute is called.
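The script below is an added example, not part of the original documentation. It shows the placeholders and bound values the command carries before and after `execute()` is called. It assumes `yiisoft/yii2` is installed through Composer under `./vendor` and that the `pdo_sqlite` extension is enabled; the in-memory SQLite database, the table definition and the input string are constructed for the demonstration.

```php
<?php
// Added example. Assumptions: yiisoft/yii2 installed under ./vendor, pdo_sqlite enabled.
require __DIR__ . '/vendor/autoload.php';
require __DIR__ . '/vendor/yiisoft/yii2/Yii.php';

use yii\db\Connection;

// Throwaway in-memory database so the script runs offline.
$connection = new Connection([
    'dsn' => 'sqlite::memory:',
    'enableLogging' => false,
    'enableProfiling' => false,
]);
$connection->open();
$connection->createCommand('CREATE TABLE user (name TEXT, age INTEGER)')->execute();

// Helper: current number of rows in the table.
$rowCount = function () use ($connection) {
    return (int) $connection->createCommand('SELECT COUNT(*) FROM user')->queryScalar();
};

// Constructed input containing quote characters and SQL syntax.
$name = "Sam', 30); DROP TABLE user; --";

// Building the command generates the SQL and binds the values, but sends nothing yet.
$command = $connection->createCommand()->insert('user', [
    'name' => $name,
    'age' => 30,
]);

// The SQL text holds quoted column names and placeholders only;
// the values travel separately as bound parameters.
echo 'SQL:    ', $command->getSql(), PHP_EOL;
echo 'Params: ', var_export($command->params, true), PHP_EOL;
echo 'Rows before execute(): ', $rowCount(), PHP_EOL;

$affected = $command->execute();
echo 'Rows affected by execute(): ', $affected, PHP_EOL;
echo 'Rows after execute(): ', $rowCount(), PHP_EOL;

// The stored value is the input string, byte for byte, kept as data.
$stored = $connection->createCommand('SELECT name FROM user')->queryScalar();
echo 'Stored name equals input: ', var_export($stored === $name, true), PHP_EOL;
```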