It's safer to avoid the shell.

my $link = 'http://www.perlmonks.org/';
my $ie   = 'C:\\Program Files\\Internet Explorer\\iexplore.exe';
system($ie, $link);
[download]

Use start to use the user's prefered browser.

my $link = 'http://www.perlmonks.org/';
system('start', $link);
[download]

Defying the spirit of safety, using "start" will introduce the evil shell again:

D:\temp>perl
my $link = '"http://perlmonks.org/" & echo Oops!';
system('start', $link);
^Z
Oops!
[download]

yuck! Thanks for the heads up! I didn't know.

ikegami, granted that your method works.  But it's a wee bit vague just to say it's safer to avoid the shell.  Could you be so kind as to explain why it's safer?

Thanks for the information about "start"; that seems quite useful.

---

s''(q.S:$/9=(T1';s;(..)(..);$..=substr+crypt($1,$2),2,3;eg;print$..$/

In your case, I don't think it's safer. If $link was set by the user, he can set it to something like 'http://own3d.com ; format c:' (I just made that up). I'm not sure if that's a valid shell script in cmd.exe, but you get the picture. If you use the shell-safe construct, it would look to the shell like ie.exe 'http://own3d.com ; format c:', where $link is one paremeter. There's no chance for the use to do nasty things via the shell

When passing a command line to the shell, it must be properly quoted and escaped. When using the list form of system and exec, the shell is not invoked, so no quoting and escaping is needed.