Below is an example for prepares statement with like MySql clause.

<?php
$mysqli = new mysqli('localhost', 'user name', 'password','database');

/* check connection */
if (mysqli_connect_errno()) {
	printf("Connect failed: %s\n", mysqli_connect_error());
	exit();
}

// Our Query, I used LIMIT 10, you can delete LIMIT easily
$query = "SELECT `Column1`, `Column2` FROM `tableName` WHERE 
		`Col1` LIKE CONCAT('%', ?, '%') LIMIT 10";

// prepare statment
$stmt = $mysqli->prepare($query);

//getting parameter from get
$q = $_GET["q"];

//binding parameter from query to any variable
$stmt->bind_param('s', $q);

// executing prepared statement
$stmt->execute();

// binding results from the query to our custom defined variable
// that are used to derive values from fetched data
$stmt->bind_result($postUid,$postTitle);

echo "<ul>";

// printing values
while($stmt->fetch())
{?>
	<li>
	<a href="<?php echo $postUid?>">
	<span><?php echo $postTitle?></span>
	</a>
	</li>
<?php	
}
	/* close statement */
	$stmt->close();
?>