Yeah that version works but as Osgeld said it doesn't have any security so the only protection is that no-one knows the name of the file you are creating.
Another way to do this would be to use an MySQL database to store the info. Databases are password protected as far as I'm aware so it's a little more secure. Of course this also increases your workload in terms of scripting. I have an example of the lsl and php needed to do this so but it's at home and I'm at work. IM me or wait for me to get home to post the code

ooops didn't read OP properly. The scripts I've got won't echo the results back to SL but I will still happily share what I have.
The LSL code (the bit your interested in is the llHTTPRequest)
integer price = 400;
key req_id2;
string lname;
default
{
state_entry()
{
//Set up quick pay
llSetPayPrice(PAY_HIDE, [PAY_HIDE ,PAY_HIDE, PAY_HIDE, PAY_HIDE]);
llRequestPermissions(llGetOwner(), PERMISSION_DEBIT);
}
run_time_permissions(integer perm)
{
//Get owner debit permissions
if(perm & PERMISSION_DEBIT)
state cash;
}
}
state cash //with perms set up price
{
state_entry()
{
llSetPayPrice(PAY_HIDE, [price ,PAY_HIDE, PAY_HIDE, PAY_HIDE]);
}
money(key id, integer amount) //when paid do this
{
if(amount != price)//if not paid the right amount refund the amount
{
llGiveMoney(id, amount);
llInstantMessage(id, "You paid "+(string)amount+", which is the wrong price, the price is: "+(string)price);
}
else //if paid the right amount do this
{
lname = llKey2Name(id); //Get the payers key
//This bit sends the info to the PHP file on my server
req_id2 = llHTTPRequest("http://mywebsite.com/my_php_file.php", [HTTP_METHOD,"POST", HTTP_MIMETYPE,"application/x-www-form-urlencoded"], "name=" + lname + "&key=" + (string)id);
llInstantMessage(id, "You paid the right price");//Confirm amount
llGiveInventory(id, "my_item");//give item
llEmail("myaddress@host.com","sales","my message" +llKey2Name(id)); // email me with what I sold and who to
}
}
}
The PHP code
<?php
$username="my_user_name";
$password="my_password";
$database="localhost";
$db="my_database";
$name = $_POST['name'];
$key = $_POST['key'];
$table = "my_table";
$conection = mysql_connect($database,$username,$password);
mysql_select_db($db, $conection) or die( "Unable to select database");
$query = "INSERT INTO `my_table` (`name`, `key`) VALUES ('".$name."', '".$key."')";
mysql_query($query) or die(mysql_error());
mysql_close();
?>
Sorry I don't have the echo info in there but it gives you an idea of how the info is passed around.
You will need to be able to host mysql on your site for this to work and set up a databse and table for the info to go in