关于导入txt文件到数据库的有关问题

<!--
Code highlighting produced by Actipro CodeHighlighter (freeware)
http://www.CodeHighlighter.com/
-->
 
 $filepath=$_GET['uploadfile'];
echo $filepath;
require_once 'conn.php';
setlocale(LC_ALL, 'en_US.UTF-8');
error_reporting(E_ALL ^ E_NOTICE); 
$line=0;
$shipments=0;
$strSqla="SELECT MAX(number) FROM `sale_orders`";  //查询sale_orders表id字段最大值
$querya = mysql_query($strSqla,$conn); 
$resultaa= mysql_fetch_row($querya);
$maxnum=$resultaa[0];
$maxnum++;
$file = fopen($filepath,"r") or die("打开文件失败"); 
while (!feof($file)) { 
$buffer = fgets($file);
if ($line<>0)
{    
$u=explode('    ', trim($buffer));
if(!empty($u[0])){
  
$or_id=$u[0];
$or_it_id=$u[1];
$payments_date=$u[3];
$buyer_email=$u[7];
$buyer_name=$u[8];
$buyer_phone=$u[9];
$sku=$u[10];
$jj_sku=substr($sku,1,7);
$product_name=$u[11];
$quantity=$u[12];
$recipient_name=$u[16];
$ship_address1=$u[17];
$ship_address2=$u[18];
$ship_address3=$u[19];
$ship_state=$u[21];
$ship_postal=$u[22];
$ship_country=$u[23];
 
 $sql_detrde=" INSERT INTO `amazon_erp`.`sale_orders` (`number` ,`order_id` ,`order_item_id`,`shipments` ,`payments-date` ,`buyer-email` ,`buyer-name` ,`buyer-phone-number` ,`sku`,`jj_sku` ,`product-name` ,`quantity-purchased`,`recipient-name`,`ship-address-1`,`ship-address-2`,`ship-address-3`,`ship-state`,`ship-postal-code`,`ship-country`  )VALUES ('$maxnum','$or_id','$or_it_id',  '$shipments', '$payments_date','$buyer_email', '$buyer_name','$buyer_phone','$sku' ,'$jj_sku', '$product_name', '$quantity', '$recipient_name', '$ship_address1', '$ship_address2','$ship_address3','$ship_state' , '$ship_postal', '$ship_country')";   
 mysql_query($sql_detrde);   
 
 $myaf = mysql_affected_rows();
 
 if($myaf>0)
 {
echo "<br>import  $or_id   Success";
}
else
{
 echo "<br><font color="#FF0000">";
 echo "import   $or_id    Failure";
 echo "</font>";
 }
  
}
 } 
  $line++;
   
   }  
   
echo "<br>导入成功";
echo "<br>Possible file upload attack!\n";
echo ''; 
echo '';