diff --git a/create.inc.php b/create.inc.php
index 625dba5a..de1fdec0 100644
--- a/create.inc.php
+++ b/create.inc.php
@@ -123,7 +123,7 @@ for (var i=1; <?php echo count($row["fields"]); ?> >= i; i++) {
 	document.getElementById('form')['fields[' + i + '][type]'].onchange();
 }
 
-document.write('<input type="checkbox" id="column_comments"<?php if ($column_comments) { ?> checked="checked"<?php } ?> onclick="column_comments_click(this.checked);" /><label for="column_comments"><?php echo lang('Show column comments'); ?></label>');
+document.write('<label for="column_comments"><input type="checkbox" id="column_comments"<?php if ($column_comments) { ?> checked="checked"<?php } ?> onclick="column_comments_click(this.checked);" /><?php echo lang('Show column comments'); ?></label>');
 function column_comments_click(checked) {
 	for (var i=0; <?php echo count($row["fields"]); ?> >= i; i++) {
 		document.getElementById('comment-' + i).style.display = (checked ? '' : 'none');
diff --git a/functions.inc.php b/functions.inc.php
index 0520fc24..e43df2ab 100644
--- a/functions.inc.php
+++ b/functions.inc.php
@@ -251,19 +251,19 @@ function input($name, $field, $value) {
 		}
 		preg_match_all("~'((?:[^']*|'')+)'~", $field["length"], $matches);
 		foreach ($matches[1] as $i => $val) {
-			$val = str_replace("''", "'", $val);
+			$val = stripcslashes(str_replace("''", "'", $val));
 			$id = "field-$name-" . ($i+1);
 			$checked = (is_int($value) ? $value == $i+1 : $value === $val); //! '' collide with NULL in $_GET["default"]
-			echo ' <input type="radio" name="fields[' . $name . ']" id="' . $id . '" value="' . (isset($_GET["default"]) ? htmlspecialchars($val) : $i+1) . '"' . ($checked ? ' checked="checked"' : '') . ' /><label for="' . $id . '">' . htmlspecialchars($val) . '</label>';
+			echo ' <label for="' . $id . '"><input type="radio" name="fields[' . $name . ']" id="' . $id . '" value="' . (isset($_GET["default"]) ? htmlspecialchars($val) : $i+1) . '"' . ($checked ? ' checked="checked"' : '') . ' />' . htmlspecialchars($val) . '</label>';
 		}
 		if ($field["null"]) {
 			$id = "field-$name-";
-			echo '<input type="radio" name="fields[' . $name . ']" id="' . $id . '" value=""' . (strlen($value) ? '' : ' checked="checked"') . ' /><label for="' . $id . '">' . lang('NULL') . '</label> ';
+			echo ' <label for="' . $id . '"><input type="radio" name="fields[' . $name . ']" id="' . $id . '" value=""' . (strlen($value) ? '' : ' checked="checked"') . ' />' . lang('NULL') . '</label>';
 		}
 	} elseif ($field["type"] == "set") { //! 64 bits
 		preg_match_all("~'((?:[^']*|'')+)'~", $field["length"], $matches);
 		foreach ($matches[1] as $i => $val) {
-			$val = str_replace("''", "'", $val);
+			$val = stripcslashes(str_replace("''", "'", $val));
 			$id = "field-$name-" . ($i+1);
 			$checked = (is_int($value) ? ($value >> $i) & 1 : in_array($val, explode(",", $value), true));
 			echo ' <input type="checkbox" name="fields[' . $name . '][' . $i . ']" id="' . $id . '" value="' . (isset($_GET["default"]) ? htmlspecialchars($val) : 1 << $i) . '"' . ($checked ? ' checked="checked"' : '') . ' /><label for="' . $id . '">' . htmlspecialchars($val) . '</label>';
@@ -277,7 +277,7 @@ function input($name, $field, $value) {
 	}
 	if ($field["null"] && preg_match('~char|text|set|binary|blob~', $field["type"])) {
 		$id = "null-$name";
-		echo '<input type="checkbox" name="null[' . $name . ']" value="1" id="' . $id . '"' . (isset($value) ? '' : ' checked="checked"') . ' /><label for="' . $id . '">' . lang('NULL') . '</label>';
+		echo '<label for="' . $id . '"><input type="checkbox" name="null[' . $name . ']" value="1" id="' . $id . '"' . (isset($value) ? '' : ' checked="checked"') . ' />' . lang('NULL') . '</label>';
 	}
 }
 
diff --git a/select.inc.php b/select.inc.php
index b3a2acfb..1b0d7425 100644
--- a/select.inc.php
+++ b/select.inc.php
@@ -34,7 +34,7 @@ if (!$columns) {
 			}
 			echo "(<i>" . implode("</i>, <i>", $index["columns"]) . "</i>) AGAINST";
 			echo ' <input name="fulltext[' . $i . ']" value="' . htmlspecialchars($_GET["fulltext"][$i]) . '" />';
-			echo "<input type='checkbox' name='boolean[$i]' value='1' id='boolean-$i'" . (isset($_GET["boolean"][$i]) ? " checked='checked'" : "") . " /><label for='boolean-$i'>" . lang('BOOL') . "</label>";
+			echo "<label for='boolean-$i'><input type='checkbox' name='boolean[$i]' value='1' id='boolean-$i'" . (isset($_GET["boolean"][$i]) ? " checked='checked'" : "") . " />" . lang('BOOL') . "</label>";
 			echo "<br />\n";
 		}
 	}
@@ -73,12 +73,12 @@ for (var i=0; <?php echo $i; ?> > i; i++) {
 		if (in_array($val, $columns, true)) {
 			$order[] = idf_escape($val) . (isset($_GET["desc"][$key]) ? " DESC" : "");
 			echo "<div><select name='order[$i]'><option></option>" . optionlist($columns, $val, "not_vals") . "</select>";
-			echo "<input type='checkbox' name='desc[$i]' value='1' id='desc-$i'" . (isset($_GET["desc"][$key]) ? " checked='checked'" : "") . " /><label for='desc-$i'>" . lang('DESC') . "</label></div>\n";
+			echo "<label for='desc-$i'><input type='checkbox' name='desc[$i]' value='1' id='desc-$i'" . (isset($_GET["desc"][$key]) ? " checked='checked'" : "") . " />" . lang('DESC') . "</label></div>\n";
 			$i++;
 		}
 	}
 	echo "<div><select name='order[$i]'><option></option>" . optionlist($columns, array(), "not_vals") . "</select>";
-	echo "<input type='checkbox' name='desc[$i]' value='1' id='desc-$i' /><label for='desc-$i'>" . lang('DESC') . "</label></div>\n";
+	echo "<label for='desc-$i'><input type='checkbox' name='desc[$i]' value='1' id='desc-$i' />" . lang('DESC') . "</label></div>\n";
 	echo "</fieldset>\n";
 	
 	echo "<fieldset><legend>" . lang('Limit') . "</legend>\n";