I am developing a project with PHP + MySQL and install it to my client's windows server. In my app database there will be some confidential info. Its very easy to copy the database folder located in data directory under mysql and paste it to any mysql server and modify that. (in windows).

How can I protect my database from that action?

This seems a bit obvious so it might not be the answer you expect, but why not simply set up the directory permissions so that only the user under which the mysql server runs can read/write in it?

Of course someone with an admin account on that computer will still be able to access it, but then I don't see how you could avoid that.