Using parameter in LIKE

Is it safe to pass a string directly into a like condition, or does it have to be quoted or parameterized somehow?

where(like(entries.text, `%${filters.search}%`))

where(like(entries.text, `%${filters.search}%`))

where(like(entries.text, `%${filters.search}%`))

where(like(entries.text, `%${filters.search}%`))