無法在數據庫中插入following_id

Question

這是我的簡單網絡應用程序，它有一個錯誤，請幫助我:) 我無法在數據庫中插入following_id。我堅持了下來

*這是我application_controller

class ApplicationController < ActionController::Base 
    protect_from_forgery with: :exception 
    include WelcomeHelper 
end 

* WelcomeHelper

module WelcomeHelper 
    def login(user) 
    session[:user_id] = user.id 
    end 
    def current_user 
    @current_user ||= User.find(session[:user_id]) if session[:user_id] 
    end 
end 

* relation_controller

class RelationController < ApplicationController 
    def create 
    follow = User.find(params[:relation][:following_id]) 
    current_user.following << follow 
    redirect_to current_user 
    end 

* welcome_controller

class WelcomeController < ApplicationController 
    def index 
    end 
def create 
    user = User.find_by_username(params[:session][:username]) 
     if user 
     login user 
     redirect_to user 
    else 
     render 'index' 
    end 
    end 
def sucess 
    @users = User.all 
    @relation = Relation.new 
end 
end 

*關係模型

class Relation < ActiveRecord::Base 
    attr_accessible :follower_id, :following_id 
    belongs_to :follower, :class_name => "User" 
    belongs_to :following, :class_name => "User" 
end 

*的usermodel

class User < ActiveRecord::Base 
     attr_accessible :pass, :username 
# Who am I following? 
     has_many :relations, :foreign_key => :follower_id 
     has_many :following, :through => :relations 
     # Who am I followed by? 
     has_many :relations, :class_name => "Relation", :foreign_key => :following_id 
     has_many :followers, :through => :relations 


     validates :username, :pass, :presence => true 
     validates :username, :pass, :length => { :minimum => 4 } 
     validates :username, :uniqueness => true 

*關係表

class CreateRelations < ActiveRecord::Migration 
    def change 
    create_table :relations do |t| 
     t.references :follower 
     t.references :following 

     t.timestamps 
    end 
    add_index :relations, :follower_id 
    add_index :relations, :following_id 
    end 
end 

*路線

get "welcome/sucess" 
    get "welcome/error" 
    root :to => "welcome#index" 
    get '/users/:id', :to => 'welcome#sucess', :as => "user" 
    match '/relations', to: 'relation#create', via: 'post' 

    resources :users 
    resources :posts 
    resources :relations 

    post 'login' => 'welcome#create' 

* sucess視圖

Following 
<ul> 
    <% current_user.following.each do |u| %> 
    <li><%= link_to u.username, u %></li> 
    <% end %> 
</ul> 
Followed By 
<ul> 
    <% current_user.followers.each do |u| %> 
    <li><%= link_to u.username, u %></li> 
    <% end %> 
</ul> 
List Users<br /> 
<% if !@users.blank? %> 
<% for @user in @users %> 
<%= @user.username%><br /> 
    <%= form_for @relation do |f| %> 
     <%= f.hidden_field :following_id, :value => @user.id %> 
     <%= f.submit "Follow" %> 
    <% end %> 
<%end%> 
<%else%> 
<%end%> 

當我點擊 「跟隨」 following_id已發出：（我CURRENT_USER ID = 9）

{"utf8"=>"✓", 
"authenticity_token"=>"NxOq/F5tOuElvhJNLOvkt/25enUN1wDI05I0fKp998Q=", 
"relation"=>{"following_id"=>"11"}, 
"commit"=>"Follow"} 

，當我在軌控制檯檢查Relation.all，該following_id一直插入，但當我檢查（作爲curent_user帳戶）user.following - 我什麼都看不到，沒有following_id。我認爲在「current_user.following < < follow」關係控制器中出現錯誤。 我只能按照我的current_user，但它是可笑的:)）。所以，請幫助我!!!!!!

Answer 1

在將數據放入數據庫之前，您需要清理參數。

閱讀全文http://guides.rubyonrails.org/security.html