Thanks for your comments.
I wouldn't want to supply documentation on the database as I wouldn't want to encourage people to mess with it.
Most of our clients would not want to know about the database, and if they do want to play with it they may not necessarily ask us about it first.
As the web application is sold to lots of customers the ownership of the code itself is written in the contract as remaining our property, though the data is theirs as you mentioned.
The support contract is renewable each year, this includes bug fixes and free updates of the system.
Some of our clients have been running the system for several years so far.
If they chose not to renew this then the code remains on their server encrypted and no futher support is offered.
If they wish to have certain data extracted in a specified format, then we offer this at the end of the contract for a small fee.
The support contract has no constraints upon it, however we do not want to support issues resulting from users messing up the database and data links.
I was thinking about the use of a checksum in each row, but that would mean reading all the values and calculating this each time.
Then I was thinking of encypting all data in the system, but also this has a big performance issue.
I was hoping that there might be people out there that have a better solution for us to use.
I have found loads of information on encypting php code, but none on protecting the database.