Use parameters, and make sure the quantity input is numeric:
Dim quantity As Integer
If Not Integer.TryParse(textbox1.Text, quantity) Then
Return
End If
Using con As New SqlConnection("...")
Using cmd As New SqlCommand("UPDATE tbl_medicine SET quantity = quantity - @quantity WHERE Item_code = @ItemCode", con)
cmd.Parameters.AddWithValue("@quantity", quantity)
cmd.Parameters.AddWithValue("@ItemCode", txtCode.Text)
connection.Open()
cmd.ExecuteNonQuery()
End Using
End Using