by Nobbie » 02. April 2018 16:15
The by far best protection: dont allow others to upload PHP files to your htdocs folder. Would you allow others to install any Executable into your Windows drive? Thats basically the same.
Anyway, there is an open_basedir option in php.ini, which restricts PHP to a certain directory tree (you should read the documentation). But this of course affects your own PHP scripts as well.