For example,
php
$connection->createCommand()->replace('idx_user', [
'name' => 'Sam',
'age' => 30,
])->execute();
The method will properly escape the column names, and bind the values to be replaced.
Note that the created command is not executed until [[execute()]] is called.