diff --git a/php-tests/action.yml b/php-tests/action.yml
index 18c83c3..be18f7f 100644
--- a/php-tests/action.yml
+++ b/php-tests/action.yml
@@ -109,11 +109,19 @@ runs:
 esac
 # Validate PHP version format
- if [[ "$PHP_VERSION" != "latest" ]]; then
- if ! [[ "$PHP_VERSION" =~ ^[0-9]+(\.[0-9]+)?(\.[0-9]+)?$ ]]; then
- echo "::error::Invalid php-version format: '$PHP_VERSION'. Expected format: X.Y or X.Y.Z (e.g., 8.4, 8.3.0)"
- exit 1
- fi
+ if [ "$PHP_VERSION" != "latest" ]; then
+ case "$PHP_VERSION" in
+ [0-9]*.[0-9]*.[0-9]*)
+ # X.Y.Z format (e.g., 8.3.0)
+ ;;
+ [0-9]*.[0-9]*)
+ # X.Y format (e.g., 8.4)
+ ;;
+ *)
+ echo "::error::Invalid php-version format: '$PHP_VERSION'. Expected format: X.Y or X.Y.Z (e.g., 8.4, 8.3.0)"
+ exit 1
+ ;;
+ esac
 fi
 # Validate coverage driver
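Review bot: The glob arms `[0-9]*.[0-9]*.[0-9]*)` and `[0-9]*.[0-9]*)` accept far more than the regex they replace, because `*` in a `case` pattern matches any string rather than "more digits": any value that starts with a digit and contains a dot followed by a digit now passes, including ones carrying spaces, newlines or shell metacharacters. The first arm is also redundant, since every string it matches already matches the second. To keep the check strict without `[[ =~ ]]`, put a reject arm first, `''|*[!0-9.]*|.*|*.|*..*|*.*.*.*)`, carrying the existing `echo "::error::…"` and `exit 1`, and let a final `*) ;;` accept what remains. That form also accepts a bare major version such as `8`, which the removed regex allowed and the new arms reject. The enclosing `run:` script starts and ends outside the hunk, so how `PHP_VERSION` is used afterwards is not visible here.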
@@ -126,23 +134,35 @@ runs:
 ;;
 esac
- # Validate max retries
- if ! [[ "$MAX_RETRIES" =~ ^[0-9]+$ ]] || [ "$MAX_RETRIES" -le 0 ] || [ "$MAX_RETRIES" -gt 10 ]; then
+ # Validate max retries (must be digits only)
+ case "$MAX_RETRIES" in
+ *[!0-9]*)
+ echo "::error::Invalid max-retries: '$MAX_RETRIES'. Must be a positive integer between 1 and 10"
+ exit 1
+ ;;
+ esac
+ # Validate max retries range
+ if [ "$MAX_RETRIES" -le 0 ] || [ "$MAX_RETRIES" -gt 10 ]; then
 echo "::error::Invalid max-retries: '$MAX_RETRIES'. Must be a positive integer between 1 and 10"
 exit 1
 fi
- # Validate email format
- if [[ "$EMAIL" != *"@"* ]] || [[ "$EMAIL" != *"."* ]]; then
- echo "::error::Invalid email format: '$EMAIL'. Expected valid email address"
- exit 1
- fi
+ # Validate email format (must contain @ and .)
+ case "$EMAIL" in
+ *@*.*) ;;
+ *)
+ echo "::error::Invalid email format: '$EMAIL'. Expected valid email address"
+ exit 1
+ ;;
+ esac
- # Validate username format
- if [[ "$USERNAME" == *";"* ]] || [[ "$USERNAME" == *"&&"* ]] || [[ "$USERNAME" == *"|"* ]]; then
- echo "::error::Invalid username: '$USERNAME'. Command injection patterns not allowed"
- exit 1
- fi
+ # Validate username format (reject command injection patterns)
+ case "$USERNAME" in
+ *";"*|*"&&"*|*"|"*)
+ echo "::error::Invalid username: '$USERNAME'. Command injection patterns not allowed"
+ exit 1
+ ;;
+ esac
 if [ ${#USERNAME} -gt 39 ]; then
 echo "::error::Username too long: ${#USERNAME} characters. GitHub usernames are max 39 characters"
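Review bot: An empty `MAX_RETRIES` now passes validation, because `*[!0-9]*)` does not match the empty string and the range tests `[ "" -le 0 ]` and `[ "" -gt 10 ]` both fail with an error status rather than evaluating true, so the `if` body is skipped; the removed `^[0-9]+$` rejected that value. Changing the arm to `''|*[!0-9]*)` closes the gap. Separately, the username check remains a denylist of `;`, `&&` and `|`, so other shell-significant characters (command substitution, a single `&`, redirections, newlines) still pass. If `USERNAME` is meant to be a GitHub login, as the 39-character check after it suggests, an allowlist arm such as `''|*[!A-Za-z0-9-]*)` placed before the existing one would be tighter. The trailing `if [ ${#USERNAME} -gt 39 ]` block continues past the end of the hunk.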