I am pretty new to posting to this list, but I am not sure that your message belongs on this particular group, since I don't see its relevance to win32 kernel programming. I also haven't written PHP before, but I do see some problems.
Post by chirag sharma
I have created an online PHP code executor at http://web.guru99.com
Though I have checked all security aspects ... do you experts see any major flaw that I need to care of?
Did you sandbox the php readfile?
Did you ensure that PATH does not contain executables you would like to run, and also chroot the process so it cannot explicitly specify the path for a system command?
Your page allows cross-site scripting (XSS).
Anyway, I hope this helps. You may wish to try running some of the PHP security scanners to find other problems than my ad-hoc testing.