If you want the video link to be useless except in the context of the page you’ve just returned to the client, you can do something with server-side code.

The usual thing is a one-time or limited-duration ID that’s generated specifically for the page. For instance, ab23jjgk23098jajzklwravmzzxwrpo2q3476as rather than 117. On the server, you have a table mapping these one-time / limited-time IDs to the real ID. In the table you can also link the ID to the IP address of the request for the page, and then only respect the ID if the request for the video comes from that same IP address. It’s important that the IDs not actually contain the video ID (obfuscated or not), hence the server-side table, and that they be effectively random.

I say “table,” but of course it needn’t really be a database table. It could be anything that lets you store key/value pairs, such as memcached.

Update based on your comment below.

Without server-side mapping (database, session, memcached, etc.), all you can do is some obfuscation, and it’s going to be easy for anyone semi-technical to break. If what you’re outputting is a URL (in a link, in an object tag, etc.), you can use URL-encoding to make it hard to read, e.g.:

<a href='video.php?%6e%6f%6e%73%65%6e%73%65=%66%6f%6f&%69%64=%31%31%37&%72%75%62%62%69%73%68=%62%61%72'>video</a>

…which, when clicked, will call your video.php file with the parameters nonsense=foo, id=117, and rubbish=bar (that’s what’s encoded in the query string, using percent-encoded entities). But again, although it might deter non-technical people, technical people won’t be fazed.