If you want to avoid people performing directory traversal attacks by using ../../ in the file name you would be better off calling basename on the user supplied input to strip it down to a filename only.
See http://au2.php.net/basename for more details.
It is worth noting that the open_basedir flag only affects functions that check for it, in the past there have been several cases where php functions ignore the open_basedir flag, particularly in extensions such as imagemagick. Hence you should rather rely on secure coding practices and file permissions to restrict access to files.