--- includes/database/database.inc.old	Sun Dec 28 02:24:19 2008
+++ includes/database/database.inc	Sun Dec 28 02:53:44 2008
@@ -543,7 +543,14 @@
         }
 
         // Update the query with the new placeholders.
-        $query = str_replace($key, implode(', ', array_keys($new_keys)), $query);
+        // preg_replace is a little bit slower than str_replace, but it is
+        // necessary to ensure the replacement does not affect placeholders
+        // that start with the same exact text. For example, if the query
+        // contains the placeholders :foo and :foobar, and :foo has an array
+        // of values, using str_replace would affect both placeholders, but
+        // using the following preg_replace would only affect :foo because it
+        // is followed by a non-word character.
+        $query = preg_replace('#' . $key . '\b#', implode(', ', array_keys($new_keys)), $query);
 
         // Update the args array with the new placeholders.
         unset($args[$key]);