Checking from your latest comment, I would assume that you have a table, expired_quizzes with at least three columns, quiz_id, quiz_filename and the boolean is_active. I would also normalize the table to a userid as well, so if user A views it and takes the quiz, user B can still see the video (makes cheating with a friend easier, though). It is hard to know exactly what is going on without seeing any code or structure, but try checking a couple of these things:

If you look up the quiz based upon a search, and the webpage uses a variable $_GET, then anytime the webpage is visited, it will always load the quiz. So considering:

http//www.yourwebpage.com/?quizfilename=viewablequiz.mp4

Depending upon your PHP instructions, it will always load viewablequiz.mp4. There are two recommendations to prevent it.

• Don’t load $_GET['quizfilename']. Rather load $_GET['quizid'] and recall the filename from the query with additional search parameters, such as:

  ‘SELECT * FROM expired_quizzes
  WHERE quiz_id='{$_GET[‘quizid’]}’ AND is_active=1
  LIMIT 1;’

Then, return row['filename'] in your PHP code, or handle with a response to the user if no results are found (no unexpired quizzes).

• Load the video via AJAX. Use a similar query on the PHP side as mentioned above, but since it requires a look-up after loading, a refresh of the screen will not load anything.

To prevent cheating, you should probably also have another table which records every time the video is viewed, with a timestamp and userid. It can help detect a cheating attempt later by seeing who was testing and viewing at the same time.

Of course, always protect against SQL injection and don’t put user input directly into the SQL statement.

For a more detailed analysis, you should post just the relevant PHP, HTML and SQL within the question.