I'm trying to implement this:
$sql = "INSERT INTO users (location) WHERE social_id='".$_SESSION["FBID"]."' VALUES ('".$_POST["location"]."')";
you should have a look at this: MySQL Insert Where query
You don't want to insert, but update a record. You always insert a complete row - not a single column of an existing row. You use update for that. Therefore there is no need to use where when inserting.
Lookking at your problem it should be something like
UPDATE users SET location = $_POST["location"] where social_id = $_SESSION["FBID"]
As mentioned in the comment above you should, however still escape at least the location variable before inserting it.
Have a look at "mysql prepared statements"