If `id` is always to be an integer, it would be wise to add:
PHP Code:
// Reject any $id that is not of integer type.
if(!is_int($id)) {
    die("That image is not valid.");
}
That way your code is not nearly as vulnerable to SQL injections. I would also add mysql_real_escape_string($id) inside the query too - but not absolutely necessary. Other than that, nice tutorial.
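An added example, not part of the comment above or the tutorial's own code: integer validation of a request parameter followed by a bound query parameter, which is used here in place of `mysql_real_escape_string()` because the `mysql_*` extension was removed in PHP 7. The `images` table, the function names and the sample inputs are assumptions made up for the illustration, and the script assumes PHP 7.1+ with the `pdo_sqlite` extension.

```php
<?php
// Added example. parse_image_id(), find_image() and the images table are
// hypothetical names, not taken from the tutorial being discussed.

/** Return the id as an int, or null if the raw input is not a positive integer. */
function parse_image_id($raw): ?int
{
    // Request parameters arrive as strings, so is_int("42") is false.
    // FILTER_VALIDATE_INT checks the content of the string instead.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up an image name by id; the id is validated first, then bound. */
function find_image(PDO $db, $raw): string
{
    $id = parse_image_id($raw);
    if ($id === null) {
        return 'That image is not valid.';
    }
    // Bound parameter: the value is never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT name FROM images WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? 'That image is not valid.' : $name;
}

// Constructed data: an in-memory SQLite table standing in for the image table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE images (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO images (id, name) VALUES (1, 'cat.png'), (2, 'dog.png')");

// Constructed inputs, as they would arrive in $_GET['id'].
foreach (['2', '99', '2abc', '2 OR 1=1', '', '-5', '1.5'] as $raw) {
    printf("%-12s => %s\n", var_export($raw, true), find_image($db, $raw));
}
```

Only `'2'` returns a row (`dog.png`); `'99'` is a valid integer with no matching row, and every other input is rejected before any query is prepared.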