I’m afraid not.
I would recommend using prepared statements for this. Firstly, you can do away with mysqli_real_escape_string() which no one does anymore and insert user submitted data safely by letting SQL know what the query structure will be, before anyone can inject anything nasty into it.
Secondly when inserting within a (while) loop it’s more efficient to prepare just onece before the loop, then execute within the loop, swapping the data to the next row each time.
And please make the move to PDO also, you won’t regret it.
What people, ones you trust or just anyone? Do you have user authentication and user permissions systems?
Data submitted to your site can come from anywhere, not just your form, can be set to anything, and cannot be trusted. You must have error handling and validation for all data submitted to your site.
You must -
test if the upload worked before referencing any of the uploaded file information. you must test if the $_FILES array is not empty (it will be empty if the total size of the form data exceeds the post_max_size setting) and that the [‘error’] element is a zero - UPLOAD_ERR_OK
there’s no guarantee that the data is in a proper csv format or that there aren’t empty lines in the file. you must test that the fgetcsv() call returned data and there are the correct number of fields present in each line.
if any field must match a particular data type or format, you must validate the data.
since you did not set the character set (at all) to match your database tables when you made the database connection, character conversion can occur in the data and more importantly, the mysqli_real_escape_string() calls can fail to protect against sql special characters in a value from being able to break the sql query syntax, which is how sql injection is accomplished. you need to set the character set to match your database tables when you make the connection.
as already stated, you should use a prepared query, prepared once before the start of any looping, then simply supply each set of tested and validated data when you executed the query.
if there’s a chance of duplicate data, you must handle that, either by ignoring the duplicate, updating any changed values instead, or handling and displaying/logging the duplicate.