Hi,
in the decision phase you select on code and selector, whereas in the deletion phase you select on code and email, possibly deleting more than you intended.
Also your nesting levels are off: the second
$stmt->execute()
gets called even when the second
if($stmt = $pdo->prepare($sql))
would have failed.
BTW1: from your post, it isn't clear what type $now and $expires are. Are they timestamps, strings, ...
BTW2: there is no need to use bindParam: as you already know the value bindValue would suffice.
BTW3: the line
if(isset($_GET["selector"]) || isset($_GET["code"])){
is not quite correct (should be AND, not OR), and completely superfluous as the conditions have been checked before.
:)