According to PDO::Prepare
You must include a unique parameter marker for each value you wish to pass in to the statement when you call PDOStatement::execute(). You cannot use a named parameter marker of the same name more than once in a prepared statement, unless emulation mode is on.
So either turn emulation mode on
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, TRUE);
or change to -
$sql = "SELECT * FROM `character` WHERE `name` LIKE :search1 OR `play` LIKE :search2";
$query = $db->prepare($sql);
$query->execute(array(':search1' => strip_tags($_POST['search']),':search2' => strip_tags($_POST['search'])));
Also, since you are using LIKE
in your query, you will want to add wildcards %
to your values
$query->execute(array(':search1' => "%".strip_tags($_POST['search'])."%",':search2' => "%".strip_tags($_POST['search'])."%"));