Your prepared statement is wrong, it should be:
$stmt = $mysqli->prepare("
SELECT DISTINCT model FROM vehicle_types WHERE year = ? AND make = ? ORDER by model
");
$stmt->bind_param('is', $year, $make);
$stmt->execute();
When you prepare a statement, you have to substitute every variable with a question mark without quotes. A question mark within quotes will not be recognized as a placeholder.
The number of question marks must be equal to the number of variables in the bind_param()