Code:
$id = sqlesc($row['id']);
Seriously?
sqlesc is used for
INSERT and
UPDATE, not
SELECT! You are now here such nonsense in the post wrote that it's just awful.
Code:
$image = sqlesc(htmlspecialchars($row['image']));
htmlspecialchars ???
there are numbers and image expansion! Not a Title! You will check this title-text! Oh, how scary for people like you who do not understand how to put protection ...