Can someone inject malicious SQL into my SQL query?

I built a simple chat with MySQL. It has a table called users and two columns: id and username. I use the following query to extract username and ID by ID.

Is there a way someone can inject malicious SQL, and how?

LIMIT is used to only allow 1 result to come out.

$query = 'SELECT id, username FROM users WHERE id=' . $id . ' LIMIT 1';

Author: harabatahat
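
An added example, not part of the original post: the question's query run beside a validated, prepared-statement version, to show what happens when `$id` carries SQL syntax instead of a number. It assumes PDO with an in-memory SQLite database standing in for MySQL; the function names and the sample rows are constructed for illustration.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL database so the
// script runs offline; the table contents are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$pdo->exec("INSERT INTO users (id, username) VALUES (1, 'alice'), (2, 'bob')");

// Query built as in the question: $id becomes part of the SQL text itself.
function lookupConcatenated(PDO $pdo, string $id): array
{
    $query = 'SELECT id, username FROM users WHERE id=' . $id . ' LIMIT 1';
    return $pdo->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: reject anything that is not an integer, then bind the value
// as a parameter so it can only ever be compared against the id column.
function lookupPrepared(PDO $pdo, string $id): array
{
    $validated = filter_var($id, FILTER_VALIDATE_INT);
    if ($validated === false) {
        return [];
    }
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE id = :id LIMIT 1');
    $stmt->bindValue(':id', $validated, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: an existing id, a nonexistent id, and a value that
// carries SQL syntax. LIMIT 1 caps the row count but not which row matches.
foreach (['2', '999', '999 OR 1=1'] as $input) {
    printf("%-12s concatenated: %-36s prepared: %s\n",
        $input,
        json_encode(lookupConcatenated($pdo, $input)),
        json_encode(lookupPrepared($pdo, $input)));
}
```

For the third input the concatenated query returns a row even though no user has id 999, because the WHERE clause itself was rewritten; the prepared version returns nothing.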