I'd a apache web server which can run php script. But when we produce the map file through map server it needs to point out the folder which has writable access under web server. (e.g www/temp).So some hackers can dump the script into that folder.
So, I decided to move that folder out of the web server(i.e move to root ).
But I'm not sure some scripts inside the php file written can really call from out of the web server or not?
Please advise me.

Yes, you can run PHP from a shell prompt.