I would not encode the value into the QR code. Instead, I’d generate it from a UUID, and I’d use that UUID to associate to a record that stores the value on a server I control. When the code is scanned, I then lookup that UUID and see what the value is, and if it’s been used cancel it so it can’t be used again.
Hope this helps.