I've resolved the issue. It was a stupid error on my part, but memorializing the answer here in case its useful to someone else.
The problem was indeed that the '&' sign was being converted into '&'. (Thanks @CBroe for the clue!) It was hard to detect because it wasn't showing up in any of the browser output I was looking at (including viewing the page source).
Long ago and far away I had forgotten that I had set up a standard form-handling function to "cleanse" all POST data. One line in that function took each posted value and applied the htmlspecialchars() function to it. This converted the 'b&b' into 'b&b'. Great for the HTML echo'd output, not so good for database comparison strings.
For this particular application, if I do not apply the htmlspecialchars() everything works as expected, regardless of the way that PDO is implemented.
Lesson re-learned... never forget the "defaults" you establish!