If you want to restrict PHP to each user's own home directory you need a PHP setup in which:
- PHP runs with the user credentials
- PHP accepts a per-user configuration
A typical case is a CGI (or FastCGI) setup, rather than running PHP as Apache module. Then you can provide a custom php.ini file for each user.
BTW, I haven't tested it but perhaps open_basedir = "~"
works as expected...
====== EDIT ======
Some clarifications that arise from the OP's comment:
In Unix shells, "~" is a synonym for "current user's home directory" so it's "/var/home/john" if you are john and it's "/var/home/michael" if you are michael. "var/home/~/" has no special meaning: it's just a directory that's called ~.
Many programs use this shell convention. I don't know if PHP does so.
CGI allows to execute arbitrary programs on the server so it is less secure than static HTML the same way that a skateboard is less secure than a space shuttle. But we are not talking about executing arbitrary programs: we are talking about executing the PHP interpreter. It'll be as as secure as PHP and your environment are.
If you are interested in the subject, Google for FastCGI (a CGI implementation with enhanced performance). Many hosting providers use it.