Are you using mysql_fetch_array?

If not your query needs to be:

$result = mysql_query("SELECT * FROM users WHERE userId = '$alumni'");
$row = mysql_fetch_array($result);

dc

are you storing the full path of the image url in the db?

what does the source of the actual rendered page read as?

Yes, and yes.

The full code is like this:

displayUserInfo($result);

function displayAlumInfo($result) {

while ($row = mysql_fetch_array ($result))
{
print "\n<tr>\n\t<td width='25%' bgcolor='#BCD2EE'>Picture:</td><td><img src='{$row['pic_url']}'></td></tr>";
etc, etc, etc...

I'm storing the full url, like: [mydomain.com...] <--- not a real link

Maybe try

$pic = $row['pic_url'];
print '\n<tr>\n\t<td width="25%" bgcolor="#BCD2EE">Picture:</td><td><img src="'.$pic.'"></td></tr>';

Thanks for the input guys. I tried the last suggestion, but have also noticed something. When I enter the file extention (.jpg in this case) it cuts it off. is that something in my security? I'm passing these variables through some code to add slashes and take out html entities:

Here's the code for that:
array_pop($_POST);
if ( get_magic_quotes_gpc() == 1 ) {
// strips slashes if magic quotes is on
// required for use with m_r_e_s()
// returns $_POST with all values stripped of slashes
$_POST= array_map('stripslashes', $_POST);
}

foreach ( $_POST AS $key => $value ) {
/*
assigns a variable name for each POST index
returns the value run through htmlentities & m_r_e_s
*/
$$key = htmlentities(mysql_real_escape_string($value));
}

Otherwise I'm not sure why it would strip the file extension.

It seems that your field is not long enough to fit your data, maybe that's why the image extension is missing. Check your table definition.

lol... that was the problem. Man, thlk about over-analysing the problem. I feel stupid now.