That's because it's loaded from here:
$medan = explode(",", fgets($fail));
inside a loop, and if the final line is empty or contains no comma it will be an array with only a single element.
You need to check if the line has content before you start processing it rather than just assuming data exists!
[edit]
It's also a very bad idea to deal with databases like that:
1) Never assume column ordering in INSERT statements:
INSERT INTO MyTable VALUES (17, "Bicycles")
Assumes that the first column is numeric and the second is text, and that may not be the case as the first column of a table is very often a row ID column which is either GUID or an IDENTITY column you cannot change.
Always specify the columns by name:
INSERT INTO MyTable (QtyPurchased, Desc) VALUES (1, "text")
so that changes to the DB do not cause your app to crash, or worse corrupt the DB.
2) Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.
When you concatenate strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;
Which SQL sees as three separate commands:
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
DROP TABLE MyTable;
A perfectly valid "delete the table" command
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.
So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?
[/edit]