// Send the Image as Base64 Data directly to the browser.
// No File on the Server! No Hacker Problem.
ob_start();
imagepng($img);
$ImageData=ob_get_contents();
ob_end_clean();
echo '<img src="data:image/jpg;base64,'.base64_encode($ImageData).'">';