You should create something like this:

const preparedSearch = `%${search}%`;
db.execute(
  sql`SELECT * FROM items WHERE name ILIKE ${preparedSearch}`,
);