If what you are trying to do is extract variables from a url there is no need to use http_get. Just use the global variable $_GET.
One should also sanitize the input. So maybe this would be better;
$user = mysql_escape_string($GET['user']);
$password = mysql_escape_string($GET['password']);
On the other hand one does not normally want to expose user names and passwords in plain text in a url. Hopefully those are only examples of what you are trying to do.