Ruby on rails ActiveRecord保存：Rails 3.2.19和Rails 4.2.0的区别

我有两个相同的项目：Rails 3.2.19和Rails 4.2.0beta4。 当我尝试做

Foo.create时在Rails 3.2和Rails 4.2中，我在Rails控制台日志中看到了不同的查询

Rails 3.2输出：

INSERT INTO `foos` (`created_at`, `updated_at`, `column_1`,`column_2`, ...) VALUES ('2014-11-19 11:20:28.391649', '2014-11-19 11:20:28.391649', NULL, NULL, ...)

INSERT INTO `foos` (`created_at`, `updated_at`) VALUES ('2014-11-19 11:20:28.391649', 545662, '2014-11-19 11:20:28.391649')

Rails 4.2输出：

INSERT INTO `foos` (`created_at`, `updated_at`, `column_1`,`column_2`, ...) VALUES ('2014-11-19 11:20:28.391649', '2014-11-19 11:20:28.391649', NULL, NULL, ...)

INSERT INTO `foos` (`created_at`, `updated_at`) VALUES ('2014-11-19 11:20:28.391649', 545662, '2014-11-19 11:20:28.391649')

请解释为什么不同的Rails版本会执行不同的查询，以及为什么会执行不同的查询？
这与4.x版本中默认启用的查询有关。
以文档中的示例为例：

class PeopleController < ActionController::Base
  # This will raise an ActiveModel::ForbiddenAttributes exception because it's using mass assignment
  # without an explicit permit step.
  def create
    Person.create(params[:person])
  end

  # This will pass with flying colors as long as there's a person key in the parameters, otherwise
  # it'll raise an ActionController::ParameterMissing exception, which will get caught by
  # ActionController::Base and turned into that 400 Bad Request reply.
  def update
    person = current_account.people.find(params[:id])
    person.update_attributes!(person_params)
    redirect_to person
  end

  private
    # Using a private method to encapsulate the permissible parameters is just a good pattern
    # since you'll be able to reuse the same permit list between create and update. Also, you
    # can specialize this method with per-user checking of permissible attributes.
    def person_params
      params.require(:person).permit(:name, :age)
    end
end

class PeopleController

在
person\u params
方法中，您需要允许更改所有要更改的参数。
因为他们更改了代码以提高效率。你可以找到它，但这不是一个真正的问题。