Safari browser will not accept my cookie it is ignoring it? have I done something wrong with how the cookie is presented for safari???

The cookie I try to set: setcookie('peg', 'YES', 'time()+190', '', 0);

Also all browsers are starting my phpsession off when its not even declared until after the post request? Can someone please help and tell me why my session is getting set, as when I go to the page I can see that the php session is being set as I check the cookies it has the phpsession there? Totally puzzled?

Here is my code again.

// Include the connections script to make a database connection.
	include("inc/connect.php");

$username = "";
$password = "";
$errorMessage = "";

function quote_smart($value, $handle) {

   if (get_magic_quotes_gpc()) {
       $value = stripslashes($value);
   }

   if (!is_numeric($value)) {
       $value = "'" . mysql_real_escape_string($value, $handle) . "'";
   }
   return $value;
}

if ($_SERVER['REQUEST_METHOD'] == 'POST'){
	$username = $_POST['username'];
	$password = $_POST['password'];

	$username = htmlspecialchars($username);
	$password = htmlspecialchars($password);


	$db_found = mysql_select_db($db, $connection);

	if ($db_found) {

		$username = quote_smart($username, $connection);
		$password = quote_smart($password, $connection);

		$SQL = "SELECT * FROM tablea WHERE username = $username AND password = '".md5($_POST['password'])."'";
		$result = mysql_query($SQL);
		$num_rows = mysql_num_rows($result);


		if ($result) {
			if ($num_rows > 0) {
				session_start();
				$_SESSION['username'] = "$_POST[username]";
				header ("Location: index.html");
			}

			/* New Block Log in attempts*/

			else {
								
					session_start();
					$_SESSION['attempts'] = "+1";

					# setup SQL statement
					$SQL = " INSERT INTO tableb ";
					$SQL = $SQL . " (sid, username, password, attempts, ipaddress) VALUES ";
					$SQL = $SQL . " ('$_COOKIE[PHPSESSID]', '$_POST[username]', '$_POST[password]', '$_SESSION[attempts]', '$_SERVER[REMOTE_ADDR]') ";
				
					#execute SQL statement
					$result = mysql_db_query( *****,"$SQL",$connection );

					# check for error
					if (!$result) { 
					echo("ERROR: " . mysql_error() . "\n$SQL\n");  
					} 
						else {
								# setup SQL statement 2
								$SQL = "SELECT * FROM tableb WHERE sid = '$_COOKIE[PHPSESSID]' ";
								$result = mysql_query($SQL);
							
								if (mysql_num_rows($result) ==0) {
											$errorMessage = "Please check your username and/or password is correct";
								}
								elseif (mysql_num_rows($result) >=3) {
											header ("Location: index2.html");
								}
								else {
									$errorMessage = "Please check your username and/or password is correct";
								}
							}
				}
			/* END */
	
		}
		else {
			$errorMessage = "Please check your username and/or password is correct";
		}

	mysql_close($connection);

	}

	else {
		$errorMessage = "Please check your username and/or password is correct";
	}

}
?>

I have had problems with setting cookies in some versions of IE in the past, and I've discovered a few quirky things about how some browser do cookies. For one, by using the expiration argument, I was having issues with IE setting the cookie at all - I'm still not totally sure why. One possibility is that when you use the expiration time, the stamp that gets set in PHP is based on the server's LOCAL time, whereas when the cookie gets set, that is done through your browser. This means that you should be careful (when using small expiration times) because if you set a cookie for one hour, and the server is 5 hours behind you, the cookie may never get set for you, because your browser will try to create the cookie with a time in the past (which is the same thing as unsetting it).

I would first try and remove the expiration argument as a test to see if it sets then.

If that still doesn't show any sign, I would try explicitly writing in the domain argument and the path argument. To play it safe with the domain argument, just do ".example.com" (which will work for all sub-domains of example.com).

Let me just say this though - PHP needs to do some serious tweaking to their cookie setting to account for all these browser discrepancies because it SHOULD automatically know what is needed to satisfy each browser, but it doesn't, and you are expected to figure it all out. I spent many, many hours dealing with this sort of crap to appease IE, and it worked for me when either I'd remove the expiration time (which isn't an option for me since I NEEDED it to be custom) or to explicitly pass the domain and path arguments to the setcookie function.