Maybe now is a good time to find out what a URI is?

print << HTML;
  <FORM onkeypress="return event.keyCode != 13;" ACTION = "/cgi-bin/sh
+habcam/parse_params.cgi?user=$user" METHOD = "get">
HTML
[download]

Also consider what to do about usernames like foo;admin=true or other such stuff, or users with names like

><script>alert("Hello Nurse!")</script>
[download]