You need to know the url variables. If you know that you can then add values to them. Example url
after the php you need a question mark or ? . This can also be done with a html page to or pretty much any script file.Then the url variable follow by an equal sign or = . This says make this url GET variable have the value after the equal sign. If there is more then one url variable you need to add an and sign or &. You can also use & but most servers have it as & . The above url has two variables that will be sent to the script via GET. POST types aren't sent so they can be seen via the url. You'd need packet filtering for that. However most use REQUEST in php so it doesn't need to filter request types. Also php doesn't use strong type, they are more or less validating the data being passed as int and string because php does not support types unless your type casting.
the variables would be retrieved like so
$user = $_GET['uid'];
$session = $_GET['sid'];
$session = $_REQUEST['sid'];
lots of sites dont validate their GET data and sql injections happen.