diff --git a/tamper/unmagicquotes.py b/tamper/unmagicquotes.py
index 1170174ed58..5bb9e3b5bd3 100644
--- a/tamper/unmagicquotes.py
+++ b/tamper/unmagicquotes.py
@@ -24,6 +24,7 @@ def tamper(payload, **kwargs):
 
     Reference:
         * http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string
+        * https://lonewolfzero.wordpress.com/2017/07/03/addslashes-multibyte-sql-injection-mysql-and-php-case-study/
 
     >>> tamper("1' AND 1=1")
     '1%bf%27-- -'