You must have misplaces your single quote at the end of your query.
In below line of code:
$sql="INSERT INTO `product_tbl` (`product_name`, `product_details`, `product_cat`, `product_sub_cat`, `product_img`, `meta_title`, `meta_description`, `schema`, `product_status`) VALUES ('$pname', '$content', '$category', '$subcat', '$pathname', '$meta_title', '$meta_description', '$schema,' '0');";
At the very end you have the
If you try to look at it more carefully then you can see that you have closed a single quote for a
$schema after your comma. and It should be the
This will surely solve your current problem, but as per my experience I can tell you that your code looks very vulnerable to the
SQL Injection. So it is always better to do some research on it and how to fix the issue(Using the prepared statements and the parameter binding).