$con = mysql_connect($localhost, $user, $password);
die('Could not connect: ' . mysql_error());
It's always a good idea to check DB calls for errors, similar to the error check in the mysql_connect() you used above... but there is an easier (and tidier) way.
Secondly, it appears that you are using a config file to store the DB login details. It is also a good idea to store the DB name in same way, providing a 2nd barrier of security if users access the source code. See below:
$con = @mysql_connect($localhost, $user, $password) or die (mysql_error());
$db = @mysql_select_db($dbname, $con) or die (mysql_error());
*define $dbname in same config file as $user,$password etc.
Note: Prepending calls with "@" suppresses the error message (best used when site goes live so users don't see the errors/urls etc) but is also ignored when mysql_error is appended to the same call (during development).