My code-

$filename = basename($_FILES['file']['name']);
$ext = substr($filename, strrpos($filename, '.') + 1);
if (($ext=="txt")
&& ($_FILES["file"]["size"] < 2000000))
  if ($_FILES["file"]["error"] > 0)
    echo "Error: " . $_FILES["file"]["error"] . "<br />";
    {$newname = 'news/'.$filename;
     $fileread = $newname;
    //reading a file
$file = fopen($fileread, "r") or exit("Unable to open file!");
//Output a line of the file until the end is reached
      //inserting each data into table
      $insert = "insert into $name (serial,data,used) values('','fgets($file)','0')";
      $query = mysqli_query($connect,$insert);
          echo "cool";

So user uploads text file which consists of data per line. I wish to place the information in to the database up until the totally performed.

What's getting placed into db is fgets(Resource id #6) - which continues going till i stop.,'s out of control...

  $insert = "insert into $name (serial,data,used) values('','fgets($file)','0')";

You are placing the literal text fgets($file) to your database, since it is baked into parents string. You will want something similar to this, rather, that also (incidentally) removes sql injection weaknesses:

 $string = fgets($file);
 $string = mysql_real_escape_string($string);
 $insert = "insert into ... values ( ..., '$string', ...)";

Why escape it? I'm not sure what's for the reason that text file, but when The text consists of a lot like a single quote, it'll cause that specific place to fail by having an SQL syntax error, and today there is a missing line within the database.

You have to go ahead and take fgets on-site visit of single quotes which turn it into a string.

The function can't be recognized within the string and thus is construed as raw text.

I'd recommend:

//inserting each data into table
$data = fgets($file);
$insert = "insert into $name (serial,data,used) values('', {$data}, '0')";