It's certainly possible. As long as PHP (probably running under Apache) has access to the virtual hosts config file it's as simple as appending data to the file and calling exec('sudo apache2 restart');
.
Is it advisable? No. If you're accepting any type of user input you're opening yourself up to a security vulnerability if you miss even one piece of input sanitation. Even if you lock down the page to require authentication there could be something you missed.
If you want to make it easier to manage the virtual hosts use some sort of administration software.
What purpose would you need to automatically make vhosts, anyway?