The v2.7 download had line 199 : die('Error: Failed security key check:' . $param_key);
I changed line 199 in v2.7 to : die('Error: Failed security key check:' . $param_key . ' ' . $key);
While I don't use Mark's script, and so I am not absolutely sure what the two variables are you that you mention, I can hazard a good guess from the message I have coloured up.
I am pretty sure Mark removed the second variable deliberately, what is the point of having a hidden key controlling write access if a failure to use it tells the hacker the key they should have used!
Post Script Edit: actually I have just looked at Mark's versions list
and see I am right.
// ver 2.6 - 02/04/14, Mark Crossley * Fixed PHP vulnerability that could reveal the passcode
I know you don't understand much PHP, Paul, but even you might guess that what is included in die messages has no effect on subsequent processing as the die instruction exits the code parsing.