I'm changing it as Damian suggested it's more secure as a parameterised query. This is the PR for more info: https://github.com/tractorcow-farm/silverstripe-fluent/pull/547
Add search extension to enable using SS Core search functionality with Fluent.Hide attachment content
SELECT DISTINCT SiteTree_Live.ID, SiteTree_Live.Title, MATCH (SiteTree_Live.Title, SiteTree_Live.MenuTitle, SiteTree_Live.Content, SiteTree_Live.MetaDescription) AGAINST ('Search') AS Relevance is fine?
Sorry, that's not the full query. It's here for greater reference. https://github.com/taoceanz/silverstripe-fluent/blob/feature/ss4-core-search-extension/src/Extension/FluentSearchFormExtension.php#L65
This works successfully and returns search queries per locale. It's just translating some of the variables into params to pass to the prepared query that breaks it for some reason.
Neat, thanks for context.
I don't want to give you bad advice, so please check anything I suggest.
But I feel like perhaps your understanding of paramaterised queries might be a little different from what they actually do.
it's not simple string replacement, to my knowledge (such as in PHP there, putting vars in a string), rather (again, my knowledge is also limited) I believe they're for values I'm not sure you can do what you're trying to achieve here with the tables as a parameter.