You should not be using mysql at all. Use only mysqli or pdo.
It is not so much that mysql is insecure, but the way you are using it.
Php is not my area of expertise, I’m sure other can advise you better, but I do know enough to spot the huge security hole in the script.
If the id is an integer, which I imagine it will be, it can easily be sanitized to remove any unwanted characters.
$id = preg_replace('#[^0-9]#i', '', $_POST["id"]) ;
You should also check the string is not empty after this.