That's not how it works. You can't put the name/value pairs in the URL for the POST method, they go in the body of the request. They go in the URL for the GET method. The name/value pairs look like this: name=john&age=25&height=180&weight=65. You are also allowed to use semicolon as a separator instead of ampersand (&) because otherwise GET data in HTML documents would have to use escaped ampersands (&).
No, the & separates name/value pairs, the = separates the name from the value. Instead of name=username&value=chrisname it would be username=chrisname. Don't imagine the & means "and", it's just a separator. Like I said, you can use semicolon as well for GET requests (and probably POST as well): username=chrisname;password=niceTry.
Yeah, that's using the POST method. The GET method sends the query string (name/value pairs) in the URL, so it's less secure (whenever you see a ? in a URL, that's the start of a GET query string).
No, it would be password=flubergump. The & separates pairs of names and values (so you can send more than one variable at a time); the = separates the name from the value.
What you're doing is equivalent to writing int i = i; 5 = 5; in C++ when you should be writing int i = 5;.
How come I still get a 403 error? am i sending to right place? do i have to acount for its type= "hidden" i cant find documentation on this exact problem.