diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php
index d7765707f3..29511c047a 100644
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -854,7 +854,7 @@ case 'add-meta' :
 'position' => 1,
 'supplemental' => array('postid' => $pid)
 ) );
- } else {
+ } else { // Update?
 $mid = (int) array_pop(array_keys($_POST['meta']));
 $key = $_POST['meta'][$mid]['key'];
 $value = $_POST['meta'][$mid]['value'];
@@ -862,7 +862,7 @@ case 'add-meta' :
 die('0'); // if meta doesn't exist
 if ( !current_user_can( 'edit_post', $meta->post_id ) )
 die('-1');
- if ( $meta->meta_value != stripslashes($value) ) {
+ if ( $meta->meta_value != stripslashes($value) || $meta->meta_key != stripslashes($key) ) {
 if ( !$u = update_meta( $mid, $key, $value ) )
 die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
 }
diff --git a/wp-admin/includes/post.php b/wp-admin/includes/post.php
index 2e22aa9934..5a450382b4 100644
--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -597,8 +597,7 @@ function add_meta( $post_ID ) {
 return false;
 wp_cache_delete($post_ID, 'post_meta');
-
- $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value ) VALUES (%s, %s, %s)", $post_ID, $metakey, $metavalue) );
+ $wpdb->insert( $wpdb->postmeta, array( 'post_id' => $post_ID, 'meta_key' => $metakey, 'meta_value' => $metavalue ) );
 do_action( 'added_postmeta', $wpdb->insert_id, $post_ID, $metakey, $metavalue );
 return $wpdb->insert_id;
@@ -690,8 +689,8 @@ function has_meta( $postid ) {
 * @since unknown
 *
 * @param unknown_type $meta_id
- * @param unknown_type $meta_key
- * @param unknown_type $meta_value
+ * @param unknown_type $meta_key Expect Slashed
+ * @param unknown_type $meta_value Expect Slashed
 * @return unknown
 */
 function update_meta( $meta_id, $meta_key, $meta_value ) {
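Review bot: The widened condition in the second admin-ajax.php hunk (at -862) still uses the loose `!=`, so two numeric-looking strings such as `1e3` and `1000` compare as equal and an edit between them would skip `update_meta()` without any error. A strict comparison closes that gap, assuming `$meta->meta_value` and `$meta->meta_key` are plain strings at this point: `if ( $meta->meta_value !== stripslashes($value) || $meta->meta_key !== stripslashes($key) ) {`. `$key` and `$value` are read straight from `$_POST['meta'][$mid]` in the preceding hunk with no existence or type check in view, so a short comment stating what shape is expected there would help. The `add-meta` case starts and ends outside both hunks.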
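Review bot: In the add_meta() hunk of post.php the result of `$wpdb->insert()` is discarded, so on a failed insert the `added_postmeta` action still fires and the function returns whatever `$wpdb->insert_id` holds, which may be a stale id from an earlier query. Guard the call and bail out the way the function already does above: `if ( false === $wpdb->insert( $wpdb->postmeta, array( 'post_id' => $post_ID, 'meta_key' => $metakey, 'meta_value' => $metavalue ) ) ) return false;`. Since `insert()` does its own escaping, a one-line comment that `$metakey` and `$metavalue` must be unslashed at this point would document the contract; where they are prepared is outside the hunk.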
@@ -699,6 +698,8 @@ function update_meta( $meta_id, $meta_key, $meta_value ) { $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' ); + $meta_key = stripslashes($meta_key); + if ( in_array($meta_key, $protected) ) return false; diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php index 7d9608c245..fae3d3e911 100644 --- a/wp-admin/includes/template.php +++ b/wp-admin/includes/template.php @@ -2450,8 +2450,7 @@ function meta_form() { $key"; + echo "\n"; } ?> @@ -3289,7 +3288,7 @@ function find_posts_div($found_action = '') { -
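Review bot: The protected-key test in the update_meta() hunk (at -699) looks only at the submitted `$meta_key`; nothing visible here checks the key currently stored on row `$meta_id`. Because admin-ajax.php now also calls update_meta() when only the key changed, a row whose existing key is in `$protected` could be renamed or overwritten unless the rest of the body, which is outside the hunk, guards against it. Consider fetching the existing row first and returning false when its stored key is protected, and make the list check strict: `if ( in_array($meta_key, $protected, true) )`. The docblock now says both parameters arrive slashed, but only `$meta_key` is unslashed in this hunk, so a comment on where `$meta_value` is unslashed would make the contract verifiable.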
+
@@ -3299,7 +3298,7 @@ function find_posts_div($found_action = '') {
- +