Create a hash of your letters based on some internal key that your scripts know. Pass the hash to your form along with the letters, and check the submitted results to see if a hash of the user submission matches the hash you sent along with the form.

The following is a rough example of what I mean, but keep in mind that crypt only takes the first 8 letters of the seed into account, and if you want to pass more than that to the user, you'll need a better hashing method:

$str = 'weoij234joi';
$hash = crypt($str, '345oj34i');
$hash =~ s/[^\w]//g;

print "$str $hash\n";

# user enters...

$userchoice = 'weoij234joi';

$hash2 = crypt($userchoice, '345oj34i');
$hash2 =~ s/[^\w]//g;

if ($hash eq $hash2) { print 'Success!'; }
else { print 'Fail...'; }
[download]