Load string runs code. An example is loadstring(“print()”). This would run the print function. RunStringEnabled has to be set to true in server script service. This would be used if you meant making a function as a string when you said “make function on server”. (RunStringEnabled can make your game more exploitable.)
Edit: typo(wrote this on my phone)
Oh is the loadstring enabled depreciated now? Or maybe for the client?
Search on the Tool Box for “Custom Loadstring” and click the first result. Then just require the module from the client.
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local loadstring = require(ReplicatedStorage.LoadStringModule)
Loadstring will always be disabled on the client. Idk why…
Functions are serilizable.
it wont run. im confused right now.
Copy and paste if you feel good with it, the script. So I can see what you did.
- Server Script Code
- Client Script Code
The answer on the site mentions you needing loadstring to deseralize them…
So? LoadString is used to deserilize functions.
server
local Code = [[
local part = Instance.new("Part",workspace)
]]
game.ReplicatedStorage.RemoteEvent:FireAllClients(Code)
local
local loadstring = require(game.ReplicatedStorage.Loadstring)
game.ReplicatedStorage.RemoteEvent.OnClientEvent:Connect(function(code)
print(code)
loadstring(code)
end)
1 Like
That’s it, you forgot to execute the function. Loadstring returns a function. You need to load it 
YOOOO, thats works. lemm play around with it.
1 Like
By the way its still open for other methods.
Functions are serializable through string.dump, sure, I’ll give you that. Only if you can actually use string.dump though.
But then how are you going to execute code without loadstring? The only way that seems apparent to me is creating a secondary Lua VM and then using that as your own loadstring. The general idea is to attempt to not transmit functions of any form, whether it be serialized or otherwise, through the client-server boundary. That’s common sense–it’s very insecure.
Next, string.dump cannot be used in Luau. I can’t fathom why you would even bring up an article that’s meant for native lua of which is centered around a function that doesn’t even exist. If I may ask, please don’t create replies for the sake of disproving someone. It’s not cool. 
I wasn’t talking about luaU, I was talking about lua.
This isn’t good practice for that reason, sure, but also an entirely different reason:
It’s not safe. Having an open loadstring function that can be manipulated by the client is a terrible idea. It’s not a matter of indexing something, it’s a matter of having a huge vulnerability in your game. Please don’t consider doing this in a serious game, it’s not a good idea and exploiters will definitely try and use that as a vital point to mess with.
1 Like
Just remember that exploiters can get the script’s code easily by just printing what the RemoteEvent got. So, I prefer module scripts so they need to Decode it, a bit more difficult than just printing the function’s code.
Why you talking about lua if im asking for help in roblox forum…
The statement, functions aren’t serilizable wasn’t directed to LUAu if it was then I would agree. Maybe if it was more specific I would have thought that.
Got it. its time to do perfect effects module script.
1 Like