+$cgi->param('discount_term') =~ /^(\d*)$/
+ or errorpage("illegal discount_term");
+my $discount_term = $1;
+
+my( $payinfo, $paycvv, $month, $year, $payname );
+my $paymask = '';
+if ( (my $custpaybynum = scalar($cgi->param('custpaybynum'))) > 0 ) {
+
+ ##
+ # use stored cust_payby info
+ ##
+
+ my $cust_payby = qsearchs('cust_payby', { custnum => $custnum,
+ custpaybynum => $custpaybynum, } )
+ or die "unknown custpaybynum $custpaybynum";
+
+ $payinfo = $cust_payby->payinfo;
+ $paymask = $cust_payby->paymask;
+ $paycvv = $cust_payby->paycvv; # pass it if we got it, running a transaction will clear it
+ ( $month, $year ) = $cust_payby->paydate_mon_year;
+ $payname = $cust_payby->payname;
+
+} else {
+
+ ##
+ # use new info
+ ##
+
+ $cgi->param('year') =~ /^(\d+)$/
+ or errorpage("illegal year ". $cgi->param('year'));
+ $year = $1;
+
+ $cgi->param('month') =~ /^(\d+)$/
+ or errorpage("illegal month ". $cgi->param('month'));
+ $month = $1;
+
+ $cgi->param('payname') =~ /^([\w \,\.\-\']+)$/
+ or errorpage(gettext('illegal_name'). " payname: ". $cgi->param('payname'));
+ $payname = $1;
+
+ if ( $payby eq 'CHEK' ) {