Yes, you can limit the usage per user per hour in MySQL:
http://dev.mysql.com/doc/refman/5.6/en/user-resources.html
However, most web apps use a single MySQL username for all application users. So this might just serve to throttle your whole website.
The addslashes function is not the right solution for preventing SQL injection. Every MySQL API includes a more appropriate escaping function, for example mysqli_real_escape_string() or PDO::quote().
But even better is to use prepared statements with query parameters instead of escaping and concatenating variables into SQL query strings.
Examples are easy to find if you examine other questions with the sql-injection tag. One of the best answers is in How can I prevent SQL injection in PHP?
I wrote a popular presentation about this: SQL Injection Myths and Fallacies.