Passing Variables - Best/Common Practices

When I pass a variable from one page to another using something like

"www.mysite.com/page2.php?order=user_id&dir=asc"

This is in plain sight in the address bar. In the example above I am passing the name of one of my DB fields.

Should I be concerned about users seeing the names of my DB fields?

Without using a form, how would I pass these same variables via a POST (if possible)?

What types of information/variables (aside from personal info, passwords, credit card#'s etc...) should be passed using sessions?

Being new to PHP I am looking for general "best practices". I'd rather ask at the start than have to unlearn bad habbits later.

Thanks

you don't have to name the get query strings the same as the DB fields. In fact i recommend using completely different names to avoid any sort of injections.
If you want to remove them from the address bar try using post queries.

Without using a form, how do you pass variable via a POST? So far I have only seen how to pass via "my_page.php?var=1" type of examples. What is the format for passing via post?

You can pass variables via SESSIONS as well, which is probably the best way to go, in your case.

HTH
Dan