Passing a dynamically generated variable into $_SESSION

Passing a dynamically generated variable into $_SESSION

I'm trying to use the following code to dynamically generate a list of
links to video files on a website. Instead of creating a separate page for
every video, I wanted to be able to have a template page (ex: video.php)
and have it generate the streaming content based on information passed on
to it from the previous page. Essentially, the chapter_id field will allow
me to pass that variable into MySQL and pull the URL info along with file
description, and help store any type of feedback data (such as poor
quality video, or a type of ratings system).
PHP/HTML:
while ($rows = mysql_fetch_assoc($subscriptionResult)) {
$user_id = $rows['user_id'];
$course_id = $rows['course_id'];
$sqlChapters = "SELECT * FROM `chapters` WHERE
`course_id`='".$course_id."' ORDER BY `chapter_id`";
$result = mysql_query($sqlChapters) or mysql_die($sqlChapters);
if (mysql_num_rows($result) > 0) {
while ($rows = mysql_fetch_assoc($result)) {
$chapter_id = $rows['chapter_id'];
$course_id = $rows['course_id']
$title = $rows['title'];
echo '<li><a
href="http://localhost/video.php>"',$title,'</a>,</li>';
}
}
}
What I wanted to do was maybe use the following <a
href=localhost/video.php?data_id=',$rows['chapter_id'],'>',$title,'</a>
So the goal is to pass chapter_id into $data_id.
But the concern I have is: It's not as secure as session, someone can
manually input a chapter_id and still access the video (I know I can write
additional code in the video.php to verify that the right user is
accessing it).
Is there another way to do this, maybe using javascript?
PS. I am aware that mysql_* functions have become deprecated! Thank you in
advance for the warnings!