Just as with your existing query that passes strings but without enclosing the numberic parameter variables by quotes:
$query = "INSERT INTO tablename (`strparam`, `numparam`) VALUES ('$strparam', $numparam)";
$result = mysqli($query);
See also
PHP: Prepared Statements - Manual[
^].
You may also prepare the statement and bind parameters. See
PHP: mysqli::prepare - Manual[
^] and
PHP: mysqli_stmt::bind_param - Manual[
^].
Using this is always the best choice because it avoids conversion problems by passing as value rather than strings (floating point values are not rounded, local settings for date, time, decimal point, and currency does not care).