ESX Code to give me or other players money

Hi, I’m a new developer and I’m started on my first big project I want to make an admin menu and for this I need the code to give me or any other money (trigger, code, and textbox) I’m German so sorry for my bad English. If you want to help me I can send you the Code from the menu for this

Hey ! :slightly_smiling_face:
Check the ESX doc, you’ll find all the usefull ESX related methods for your project :wink:

https://esx-framework.github.io/es_extended/server/xplayer/functions/addmoney/

For example, to give the player money you just use the addMoney() function server side :

local moneyExample = 100
local xPlayer = ESX.GetPlayerFromId(source)
xPlayer.addMoney(moneyExample)

Peace

I didn´t work, in the client.lua i have :
if data.current.value == ‘bankmoney’ then
TriggerServerEvent(“Admin_giveCash”)
end
And in the server.lua :
ESX = nil

local moneyExample = 100

local xPlayer = ESX.GetPlayerFromId(source)

RegisterServerEvent(‘Admin_giveCash’)

xPlayer.addMoney(moneyExample)

end)
But it didn´t work
Pls Help

Server side code :

Client side code :
screen87

You should never let any client-side code and/or server event do that. There are numerous ways a user can attempt to abuse such a thing and set the value they want. :confused:
This is a really bad practice that should be avoided at all costs.

1 Like

You are not checking if the player triggering the event has any sort of ACE permission at the very least. Anyone could trigger that event with any value they want.

That was not that what I asked, this I’m doing my self

i have then the error in server.lua attempt to index a nil value (local ‘xPlayer’) , i cant fix it

Yeah I always forget to do a “security” check, It came to my mind when @infinity_exhaust mentionned it.
Using something like IsPlayerAceAllowed() . But at the same time I was wondering : I’m aware and I understand why people can forge event triggers if they want to, but isn’t it possible to tamper the source value too in ? In wich case checking if they have the ACE permission wouldn’t prevent it no ?

You are declaring the xPlayer outside of the server event’s scope.

1 Like

I do not believe it is possible to spoof the source passed to server events using conventional cheating methods

Can you say me how to do that ?

This was already addressed by thibaultD one post after yours. While extremely unsecure, the syntax is correct and should work.