Have you tested the search without the LIMIT? Because I suspect the error is elsewhere in your SQL. I don't know MySQL, but other databases I have seen want values in the list for the IN statement. Column names don't work. You might try rewriting it like this:
SELECT * FROM products WHERE prod_name = ? OR prod_desc = ?
Also, PostgreSQL doesn't support placeholders for the number after the LIMIT. MySQL may have the same limitation. If you can't use placeholders, you will need to interpolate the value when you construct the SQL. This means you must be careful about validating the value to be a number.