Just a couple questions on this script. it looks like your code snippet is pointing to a temp directory to store the image. are you actually storing the physical image in the db? and wouldnt that be kinda hoggish on the db? :p

im not really seeing any authorization on the db either or what db to throw it in. i guess this script is assuming you have a already completed a login process that has got ya a cookie.