Fr0g,  your/someone else his code is not secure, and not written in a proper way.
$id = $_GET['id'];
$query = "SELECT * FROM listfile WHERE id='$id'";
This is the part where you get an SQLInjection, and if the errors are not show you will get an Blind SQL injection.
If this is yours or you are trying to write in PHP, please learn in the PROPER way.
These days:
Try to secure Human input, (XSS, XSRF, and invalid input like sadfsadfasdf as an email)
Try to escape EVERYTHING but fixed integers who go into the database (mysql_real_escape_string() or the mysqli  version)
Try to Write in OOP as much as possible, this will save time later on, and will be more professional