How to protect JSON response?

Question

I am currently developing an Online Examination web app. Where students can take part in exams online. Teachers can add exams questions, and it will be retrieved for the students. I am using Codeigniter PHP framework.

For the questions table I have it roughly like this:

And to retrieve that, I use an ajax call using GET method and the response will be in JSON. For the backend, I select from that table and return it using

json_encode()

This is the code:

Client Side

function getQuestions() {
    $.ajax({
        url: "exams/getQuestions",
        method: "GET",
        dataType: "json",
        success: function(data) {
            $("#lblA").html(a[0]);
            console.log(data)
        }
    });
}

Controller

public function getQuestions()
{
    $results = $this->ExamModel->getQuestions();
    //print_r($results);

    echo json_encode($results);
}

Model

  public function getQuestions(){
    $this->db->select("*");
    $this->db->from("question");
    $query = $this->db->get();

    if ($query->num_rows() > 0) return $query->result();
    else return false;    
  }

What I get as response is:

As you can see because in questions table I have a right_ans column, it also shows up. I see it as a security risk because then students would know the answers. So my questions are how would I prevent students from knowing it?

I have an idea to create one more column in questions table as ans_d and have right_ans column as well, but when retrieving the data, I don't select the right_ans column. I am still uncertain, so I appreciate all help!

Thank you.

Answer 1

Just modify your select and select fields that you need:

$this->db->select("id, question, ans_a, ans_b, ans_c");

In this case no one will see any other fields as they are not selected and therefore not passed to client.

Answer 2

只需获取除回答外的所有列即可：

  $this->db->select("ans_a,ans_b,ans_c,id,question");