prepare("SELECT name, mime, size, hash FROM " . DBPREFIX . "image WHERE id = %s;", $_GET["id"]); $result = $db->doQuery($sql); $f = $result->fetch_array(MYSQLI_ASSOC); if ( ! file_exists(IMAGE_PATH . $f["hash"] . ".gz") ){ header($_SERVER["HTTP_PROTOCOL"] . " 404 Not Found"); } else { header("Content-Type: " . $f["mime"]); header("Content-Disposition: inline; filename=".$f["name"]); header("Content-Length: " . $f["size"]); readgzfile(IMAGE_PATH . $f["hash"] . ".gz"); } break; default: header($_SERVER["HTTP_PROTOCOL"] . " 404 Not Found"); }