Hi there Sub_seven,

<?php
$username = "user";
$password = "pass";
$host = "localhost";
$database = "binary";

//assign connection handle
$conn = mysql_connect($host, $username, $password) or die("Can not connect to database: ".mysql_error());

mysql_select_db($database, $conn) or die("Can not select the database: ".mysql_error());

//assign and clean the $_GET variable
$id_number = ((isset($_GET['id']) && !empty($_GET['id'])) ? strip_tags($_GET['id']) : '');

//you never know
if($id_number == ""){
echo "No number was selected";
exit;
}

//set up the query & clean (not necessary, but matter of habit :))
$query_db = "SELECT * FROM `tbl_images` WHERE `id` ='".mysql_real_escape_string($id_number)."' ";

//execute query
$query = mysql_query($query_db) or die(mysql_error());

//if returns more than one row
if(mysql_num_rows($query) > 0){

//loop through results
while($row = mysql_fetch_array($query)){

$content = $row['image'];

header('Content-type: image/jpg');
echo $content;
}

else{
//no matches
echo "Sorry, no records found";
//sleep long enough for the message to be displayed
sleep(2);
//back to form no records found
header("location: yoursitehere");
exit;
}

?>

May contain errors, but you should get the idea from that, that's completely off the top of my head.

The use of @ on mysql_ functions is to suppress errors which is not advisable, but other than that just your logic needed a nudge..

Cheers,
MRb

Hey Matthew,

As always thanks so much for the help, there is indeed something wrong but my lack of experience does not let me find it, I've read through it several time with no luck, I'm getting a blank page no matter if the id has a picture or not, or if left blank, could you take a second look please? thanks again :)

<?php
$username = "user";
$password = "pass";
$host = "localhost";
$database = "binary";

@mysql_connect($host, $username, $password) or die("Can not connect to database: ".mysql_error());

@mysql_select_db($database) or die("Can not select the database: ".mysql_error());

$id = $_GET['id'];

if(!isset($id) || empty($id)){
die("Please select your image!");
}

else{

$query = mysql_query("SELECT * FROM tbl_images WHERE id='".$id."'");

if (mysql_num_rows($query)>0){
$row = mysql_fetch_array($query);
$content = $row['image'];
header('Content-type: image/jpg');
echo $content;
}
else{
die("Image not found!");
}
}

?>

This should do what you wanted.

Hi there Sub_Seven,

It's late and I'm tired, and my logic hat isn't on either, I have tweeked your original version so that it will work, unless I have missed something TOTALLY stupid out.

Basically I have just put the clause in to say if the $id_number is set, clean & assign, then use in the query, if the query is successful, display results, however if there isn't anything, display a message to say so - I hope you can tweek it to suit your needs :)

Whether I am right or not, I have limited the sql statement to return only one result, if thats wrong, just remove LIMIT 1 and you'll be right.

<?php
$username = "user";
$password = "pass";
$host = "localhost";
$database = "binary";

$conn = mysql_connect($host, $username, $password) or die("Can not connect to database: ".mysql_error());

mysql_select_db($database) or die("Can not select the database: ".mysql_error());

if(isset($_GET['id']) && !empty($_GET['id']) && ctype_digit($_GET['id'])){
$id_number = strip_tags($_GET['id']);

$query_db = "SELECT * FROM `tbl_images` WHERE `id` = ".mysql_real_escape_string($id_number)." LIMIT 1";

$query = mysql_query($query_db) or die(mysql_error());

if(mysql_num_rows($query) > 0){

while($row = mysql_fetch_array($query)){
$content = $row['image'];

header('Content-type: image/jpg');
echo $content;
}//while


}//second if
else{
echo "No results returned";
exit;
}

}//first if
else{
echo "No number selected please try again";
exit;
}
?>

Hope that it functions this time :) The bolded text in the first if is optional, you can remove if you want to, just thought as you could add an extra check to see if the supplied data was of the correct type. If it is an int, you can remove the single quotes from around `id` = '".mysql_real_escape_string($id_number)."'

[EDIT] I should type faster!

Cheers,
MRb

Thanks so much guys, both methods work pretty good, I'll start tweaking things to wrap it up and hopefully finish soon, your help is greatly appreciated, have a great evening/night :)