I would look at a solution that uses some type of encryption. Something that uses microtime and browser info (ie, IP) as the string/salt.
Md5 would be safest but a 32 character coupon code is probably out of the question. You could use DES or Extended DES but the odds of collision go up. Merging two unique 11 digit DES strings (without the salt) would lessen the odds of collision and give you a 22 character coupon code.