
Upgrading Rails 3.2 to Rails 4 and Params

I was upgrading my project from Rails3 to Rails4 with this tutorial: RailsCasts

I have a model:

class Test < ActiveRecord::Base
  validates :content, :presence => true, :length => { :minimum => 2 }
  validates :name, :presence => true, :length => { :minimum => 2 }
  validates :value, :presence => true
end

After upgrading, I tried to create a new Test object in the rails console:

Test.create(name: "asd", content:"asd", value: 5)

And got

WARNING: Can't mass-assign protected attributes for Achievement: name, content, value
(0.2ms) BEGIN
(0.2ms) ROLLBACK
=> #<Test id: nil, name: nil, content: nil, value: nil, created_at: nil, updated_at: nil>

Looks like I forgot to upgrade something. I tried to re-create the Rails application, overriding the config and other Rails files, but nothing changed.

I created a new empty project and copied the model files. It worked OK.

If I add

config.active_record.whitelist_attributes = false

to config/application.rb, my upgraded project works fine. But that's not normal, because in an empty Rails 4 project this line was deleted.

What did I forget to upgrade, or what must I do to make the upgraded project work like an empty one created with Rails 4, without config.activerecord ...?

UPD

raw_params = {:name => "asdasd", :content=>"asdasdasd", :value=>5}
=> {:name=>"asdasd", :content=>"asdasdasd", :value=>5}
2.0.0dev :002 > params = ActionController::Parameters.new(raw_params)
=> {"name"=>"asdasd", "content"=>"asdasdasd", "value"=>5}
2.0.0dev :003 > test = Test.create(params.permit(:name, :value, :content))
WARNING: Can't mass-assign protected attributes for Achievement: name, value, content
(0.2ms) BEGIN
(0.2ms) ROLLBACK
=> #<Test id: nil, name: nil, content: nil, value: nil, created_at: nil, updated_at: nil>

Answer1:

In Rails 4, attr_accessible is not used any more to do mass-assignment checking. Mass-assignment refers to the practice of creating or updating a Model object by passing a hash of values. When you do mass-assignment in Rails 4, you have to specify which parameters are allowed and which ones are not. This is due to security reasons.

Take a look at the repository for strong_parameters; it contains a brief explanation of how mass-assignment security works in Rails 4. Especially look at "Use Outside Of Controllers".
