+ 1

Could anyone help me?

c) Assume that you have a website “www.myexample.com” and the following two URLs are used to access the website. Explain why the following hyperlinks (URLs) are not very safe, and how you would make them secure. i) http://www.myexample.com/products/products.asp?productID=123. ii) http://www.myexample.com/changepassword.php?userID=123

25th Jan 2021, 6:28 AM
faheem amjad
1 Answer
+ 6
HTTP instead of HTTPS is by far the single biggest problem with your URL. Sending a password over HTTP is a horrible mistake. The only thing worse than sending a password over HTTP would be sending a credit card number over HTTP. Use HTTPS because it makes a man-in-the-middle attack much more difficult. It also keeps the information you transmit more secure. HTTP sends information unencrypted, which means it is pretty easy to see what is transmitted for any computer between yours and the website's host.

Much less important, passing the userID through the URL isn't ideal. A password would be far worse to pass by URL, but a user ID is part of your credentials to authenticate yourself, so the user ID also should be given some protection. All URLs get recorded by the browser's history, so if that was a public computer, another person using the computer could uncover your userID. Instead of having the userID in the URL, you could rely on a temporary session ID passed through cookies. A session can let the server and your web browser share information that is remembered from page to page without passing anything through the URL.
25th Jan 2021, 7:15 AM
Josh Greig
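The session-cookie approach described in the answer above, as an added example that is not part of the original thread: the server decides whose password is changed from a random session ID held in a cookie, and ignores any userID in the URL. The cookie name `sid`, the function names and the in-memory session table are assumptions made for the illustration.

```python
import secrets
from http.cookies import SimpleCookie

# Server-side session table: session ID -> user ID (in memory for the example).
SESSIONS = {}

def login(user_id):
    """Create a session after a successful login; return the Set-Cookie value."""
    sid = secrets.token_urlsafe(32)        # unguessable, unlike userID=123
    SESSIONS[sid] = user_id
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["secure"] = True         # browser sends it over HTTPS only
    cookie["sid"]["httponly"] = True       # not readable by page scripts
    cookie["sid"]["samesite"] = "Lax"
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()

def user_from_request(scheme, cookie_header):
    """Return the logged-in user ID, or None if there is no valid session."""
    if scheme != "https":                  # refuse plain-HTTP requests
        return None
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    morsel = cookie.get("sid")
    if morsel is None:
        return None
    return SESSIONS.get(morsel.value)      # unknown or forged IDs map to None

def handle_change_password(scheme, query_string, cookie_header):
    """Return (status, user whose password may be changed).

    query_string is accepted only to show that a userID placed in the URL
    has no effect: the user always comes from the server-side session.
    """
    user = user_from_request(scheme, cookie_header)
    if user is None:
        return (401, None)
    return (200, user)

if __name__ == "__main__":
    header = login("123")                  # constructed sample user ID
    print("Set-Cookie:", header)
    sent_back = header.split(";")[0]       # what the browser returns: sid=...
    print(handle_change_password("https", "userID=999", sent_back))
    print(handle_change_password("http", "userID=123", sent_back))
```
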