If possible, cast the types of your parameters. But it's only working on simple types like int, bool, and float.
$unsafe_variable = $_POST['user_id'];
$safe_variable = (int)$unsafe_variable ;
mysql_querymysqli_query($conn, "INSERT INTO table (column) VALUES ('" . $safe_variable . "')");