Is PHP's addslashes vulnerable to sql injection attack?
Yes.
With the conditions mentioned in the article you linked to.
I need to display their current vulnerability.
I doubt you can display this one, as it seems the client's encoding is not the renowned GBK.
Though, there most likely exists other possible vulnerabilities, just because people tend to misuse an escaping function, taking it wrong.
But I can assure you that as long as your client's encoding either single-byte one or UTF-8, and as long as this function used properly (as in the code you posted)- there would be no injection possible.
