I'm coding a script which is similar to a sort of mini-messageboard. Staff post news, regular users add their comments, etc. etc.
What I want to do is secure this up. At the moment someone could insert some script and it would probably execute.
I've seen this:
http://www.php.net/manual/en/function.htmlspecialchars.php
...but would converting the chars be enough?
Are there any other security problems I could face?