If you don't know much about PHP security, the single best step to secure your installation is to start by using the recommended PHP.ini file for a production deployment (often called php.ini-production or php.ini-recommended). This will set sensible defaults you can tweak for your own app.

Also, open_basedir is nice and should be used whenever you can but it doesn't match a system-wide chroot.