You're not sanitizing your database queries. Look at your first query where you insert a $_GET variable right into the SQL string. That means anything a user puts in that URL parameter goes right into your database. This can be devastating. Read more about it at the link below and here's how to solve that problem.
Instead of...
$query2 = "SELECT EventFees_id, EventFees_item, EventFees_fee, EventFees_event FROM EventFees WHERE EventFees_event = '{$_GET['id']}'";
Make it...
$idUrl = mysql_real_escape_string($_GET['id']);
$query2 = "SELECT EventFees_id, EventFees_item, EventFees_fee, EventFees_event FROM EventFees WHERE EventFees_event = '{$idUrl}'";
http://php.net/manual/en/security.database.sql-injection.php