Off hand I think this calls for placeholders - something like:
my $sql2 = qq/
INSERT INTO transaction_details (quantity, gross_sales)
VALUES (?, ?)
/;
my $sth = $dbh->prepare($sql2);
while (<>) {
my $quantity = param("quantity");
my $gross_sales = param("gross_sales");
my $rv = $sth->execute($quantity, $gross_sales);
# Handle error if $rv is false...
}
This should handle all quoting (if any is necessary) and should also handle the conversion to "money" (which makes me think that this is a Sybase or MS-SQL database server...)
Michael