you are misplacing the % % operators, notice the difference below - they should not be put aside the ?
placeholder, rather inside:
$query = "select *, day(WN_DATE) WN_DAYOFMONTH, month(WN_DATE) WN_MONTH, year(WN_DATE) WN_YEAR from mytable where year(WN_DATE) like ? order by WN_DATE DESC";
$param = '%'.$_SESSION['filterOn'].'%';
$result = DB::select($query , array($param));