This may not be correct since I am judging simply on the syntax colouring applied by the Code Project <pre></pre> tags, which incidentally I have had to apply on your behalf).
This part appears not to be correctly formatted (everything after
mSearch.Text +
is considered to be one string.
cmd.CommandText = "select M_Photo from MemberPhoto where M_id='" + mSearch.Text + '";
DataSet ds = new DataSet();
OleDbDataAdapter da = new OleDbDataAdapter();
da.SelectCommand = cm;
da.Fill(ds, "MemberPhoto");
pictureBox1.Image = GetPhoto((byte[])dd.Tables[0].Rows[0]["M_Photo"]);
whereas
cmd.CommandText = "select M_Photo from MemberPhoto where M_id='" + mSearch.Text + "'";
DataSet ds = new DataSet();
OleDbDataAdapter da = new OleDbDataAdapter();
da.SelectCommand = cm;
da.Fill(ds, "MemberPhoto");
pictureBox1.Image = GetPhoto((byte[])dd.Tables[0].Rows[0]["M_Photo"]);
appears correctly formatted.
All of this could have been avoided by your using a 'parameterized query' (just Google that for examples). Doing so will also help to avoid SQLInjection attacks.