penders - 9:41 am on Jun 30, 2011 (gmt 0)
Is it the URL of your actual script that you want to prevent Google from indexing? Or www.external-site.com/product/... ?
By default the header("Location:..."); redirect returns a 302 (Found) Status Code, so the search engine is still likely to index the URL. I would have said that you should send a 301 (Moved Permanently) instead.
header("Location:http://www.external-site.com/product/". $PRODUCTNUM1234 ."/myid",true,301);
However, this will then result in www.external-site.com/product/... from being indexed. But then that is down to external-site.com to block (robots.txt or robots META tag).