What type of data does your productid field hold?

If it's a varchar then you'll need to have quotes around the value to indicate that it is a string.
Also you should escape the $_GET data to help prevent a SQL injection attack.
I haven't done this. That's a job for you.

$prod_info = mysql_fetch_array(mysql_query("SELECT * FROM products WHERE productid = '".$_GET['product']."'"));

Good luck,
Barry.