There's multiple problems with what you're doing, not the least of which is building an SQL query string using string concatenation. DO NOT DO THAT! It leads to the possibility of your database being corrupted and even completely destroyed!
Use parameterized queries. Google for "vb.net parameterized query" to find out how.
Now, having said that, your use of string concatenation is also masking the problem causing the error message. Convert the code to a parameterized query and use the SqlParameter objects you create and you'll end up with much more readable code and the solution to your problem.
Take a real close look at your SQL statement. You're missing a comma near the end of the list of values:
... dname.Text & "''" & cname.Text
^
Had you used a parameterized query, this would have been easy to spot:
sql = "INSERT INTO uservb (Book_name, Author_name, category, selling_price, stock)
VALUES (@bookName, @authorName, @category, @sellingPrice, @stock)"