Best Practices for Forming YQL Statements

Because YQL statements may contain user input and are passed as a query-string parameter to the YQL Web Service URL, it is important to take measures to ensure that they are properly formed. You can avoid malformed YQL statements that lead to errors or potentially contain harmful code by following the guidelines below:

  • Constrain and sanitize any user input that will be used as a key value.
  • Confirm that the values of input keys are enclosed in quotation marks.
  • URL-encode the YQL statement.
  • Use variable substitution for the values of input keys in the YQL statement.
  • For YQL statements that you plan to use often, use query aliases, which can also be used with variable substitution.
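The following Python example, added here as an illustration and not code from the original page or from Yahoo, puts the first four guidelines together: it constrains a user-supplied key value with an allowlist, keeps the value out of the statement text by referencing it as an `@place` variable and passing it as a separate URL parameter, and URL-encodes every parameter. It assumes the public endpoint `https://query.yahooapis.com/v1/public/yql` and the `geo.places` table, and the allowlist policy is a constructed one for a place name; `naive_statement` shows, for contrast, the splicing pattern the guidelines steer you away from.

```python
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed public YQL endpoint; the page only calls it "the YQL Web Service URL".
YQL_ENDPOINT = "https://query.yahooapis.com/v1/public/yql"

# Constructed allowlist for a key value such as a place name: letters, digits,
# spaces and a few punctuation marks, 1 to 64 characters. Tighten it to what
# the key in your own query actually needs.
KEY_VALUE_RE = re.compile(r"[A-Za-z0-9 ,.'-]{1,64}")
VAR_NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def sanitize_key_value(value: str) -> str:
    """Constrain user input before it is used as a key value.

    Input that fails the allowlist is rejected, not repaired: silently
    stripping characters can turn one valid-looking value into another.
    """
    value = value.strip()
    if not KEY_VALUE_RE.fullmatch(value):
        raise ValueError("key value contains disallowed characters or is too long")
    return value


def naive_statement(place: str) -> str:
    """The pattern the guidelines warn against: splicing user input straight
    into the statement text, so whatever the user types becomes query text."""
    return f'select * from geo.places where text="{place}"'


def build_yql_url(statement: str, variables: dict, fmt: str = "json") -> str:
    """Build a YQL Web Service URL using variable substitution.

    `statement` references each value as @name; the values travel as
    separate URL parameters, so they never become part of the statement
    text. urlencode() URL-encodes the statement and every value.
    """
    for name in variables:
        if not VAR_NAME_RE.fullmatch(name):
            raise ValueError(f"invalid variable name: {name!r}")
        if f"@{name}" not in statement:
            raise ValueError(f"statement does not reference @{name}")
    params = {"q": statement, "format": fmt}
    for name, value in variables.items():
        params[name] = sanitize_key_value(value)
    return f"{YQL_ENDPOINT}?{urlencode(params)}"


def decode_query(url: str) -> dict:
    """Decode the query string back into {name: value} for inspection."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


if __name__ == "__main__":
    template = "select * from geo.places where text=@place"
    url = build_yql_url(template, {"place": "San Francisco, CA"})
    print(url)
    print(decode_query(url))
    # A value carrying a quote fails the allowlist and never reaches the URL.
    try:
        build_yql_url(template, {"place": 'Paris" or text="x'})
    except ValueError as exc:
        print("rejected:", exc)
```

Decoding the built URL shows the point of substitution: the `q` parameter comes back as exactly the template you wrote, and the user's value sits in its own `place` parameter, so no quoting mistake in the value can change the statement's structure. The allowlist is an extra layer in front of that; rejecting rather than repairing keeps error handling predictable.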

