You shouldn't put quotes on your placeholders, nor use php variable, should just be :name
.
try changing
"SELECT * FROM user WHERE userid =: '$userID' AND password =: '$password'";
to
$userSQL = "SELECT * FROM user WHERE userid =:userID AND password = :password";
Then execute it the right way since your are using named placeholders:
$query->execute(array (':userID' => $userID,
':password' => $password
));
Alternatively you can use question marks
$userSQL = "SELECT * FROM user WHERE userid =? AND password =?";
$query = $db->prepare($userSQL);
$query->execute(array($userID,$password));