When handing off to another program, you need to escape strings.
For example, in
<td><a href="full_table_row_results.php?ID='.$row['ID'].'">'.$row['ID'].'</td>
The first $row['ID'] needs to be run through urlencode, and not quoted. The second one needs htmlentities. When handing to mysqli, you need real_escape_string:
$s = $handler->real_escape_string($id);
$sql = "SELECT ID, NAAM, CONTACT,FROM `table` WHERE ID = '$s'";
Quotes are optional if $id is a number, but beware of "SQL injection". No parentheses. etc.