There are three examples here. Two that use GET requests becuse they send no personal information. The other uses POST data which is inherently moresecure to use.
In all reality, it makes no difference whether we send GET or POST data over an SSL (https) request. BUT there is one big difference that has a definite impact on security. When sending GET data to a web server with standard logging, the GET request with wallet address and all would be logged on the server as the request URL. Using POST data, none of the user input would be logged. In additon, if a user were browsing and GET data was used, their wallet address and more could be viewed in the browsing history links. These two things make using POST data inherently more secure. Just keep this in mind while using PHPH1 as it will accept both GET and POST data. Choose wisely.
Secondly, it is highly recommended, if possible, to limit access to PHPH1 on your server. There is a way to whitelist ip addressess built into inc/config.php as well as a way to block specific addresses.
Just toss this file in your favorite html or text (Notepad++ is free and works well) editor to see the example code.
This example loads when the page loads and also loads when the button is clicked.
This is the Epoch data div
This example loads when the page loads and also loads when the button is clicked.
This is the block number data div
This example requires user input and only loads after submitting the form.
ONE Wallet Address:This is the transaction history data div